hashsha256md5security

What Is a Hash: MD5, SHA-256 and What It's Really For

A clear explanation of hash functions (MD5, SHA-1, SHA-256): what they are, what they're for, why they aren't encryption and how to generate hashes free in the browser.

June 21, 2026·6 min read

"Hash" is one of those words that shows up in security, blockchain and development, and that many people use without being clear on what it means. This guide shows what a hash function is, how it differs from encryption and what it's really used for, with concrete examples.

What is a hash function

A hash function takes an input of any size (a text, a file) and produces a fixed-length string, its hash or digest. For example, SHA-256 always produces 64 hex characters, whether the input is a single letter or an entire book.

Its key properties:

  • Deterministic: the same input always produces the same hash.
  • Fast to compute one way.
  • Irreversible: you can't recover the original input from the hash.
  • Avalanche effect: changing a single character produces a completely different hash.
  • Collision-resistant: it's practically impossible to find two inputs with the same hash (in modern algorithms).

A hash is NOT encryption

This is the most common misunderstanding. Encrypting is reversible: with the right key you recover the original text. Hashing is one-way: there's no "key" to undo it. So:

  • Encryption protects data you need to recover (messages, files).
  • Hashing verifies data without storing it (passwords, integrity).

If someone says "I'll hash this to decrypt it later," they're confused.

What a hash is really used for

1. Storing passwords

Serious websites never store your password, they store its hash. When you log in, they hash what you type and compare it to the stored hash. So if their database is stolen, they don't have your password. (For this, specific slow hashes like bcrypt are used, not plain SHA.)

2. Verifying file integrity

When you download a program, the site sometimes publishes its SHA-256 hash. You compute the hash of what you downloaded and, if it matches, you know the file hasn't been corrupted or tampered with.

3. Fingerprints

Certificates, Git commits, blockchain blocks… all use hashes as unique, tamper-proof identifiers.

The most common algorithms

  • MD5: fast but broken for security (collisions can be generated). Only valid for non-critical checksums.
  • SHA-1: also obsolete for security. Avoid it.
  • SHA-256 / SHA-512: the current standard. Secure and widely used.

Practical rule: for anything security-related, use SHA-256 or higher. MD5 only for quick integrity checks with no security value.

How to generate a hash

  1. Type or paste your text.
  2. Choose the algorithm (MD5, SHA-1, SHA-256…).
  3. Get the hash instantly.

You can do it free with the hash generator on this site, which uses the browser's Web Crypto API: your text is never uploaded to any server.

Frequently asked questions

Can a hash be "decrypted"? No, it's irreversible. What exists are tables of precomputed hashes of common passwords; that's why passwords must be long and unique.

Why don't two different files have the same hash? Because of collision resistance. MD5 collisions have been found; SHA-256 collisions haven't.

Is MD5 useful today? Only as a quick non-critical integrity checksum. Never for passwords or security.

Is my text uploaded when generating the hash? No, if you use a local generator. It's computed in your browser.

Generate MD5, SHA-1 and SHA-256 hashes instantly with the free hash generator, using the Web Crypto API and without your text leaving the browser.

Try it without code

Hash Generator

MD5, SHA-1, SHA-256 and SHA-512.

Open Hash Generator

Built by

Miguel Ángel Colorado Marin (MACM)

Full-Stack Developer · Guadalajara, España

I develop web apps, digital tools and full projects — from design to deployment.

GitHubLinkedIn
Contact me