Checksum Algorithms Compared
MD5, SHA-1, SHA-256, SHA-512, CRC32, and BLAKE3 — when to use each for integrity checking.
Published:
Tags: checksum algorithm comparison, hash algorithm choice, MD5 vs SHA-256
Checksum Algorithms Compared Checksums and hash functions serve different purposes. CRC32 detects accidental bit errors. MD5 and SHA-1 are legacy integrity checks. SHA-256 and SHA-512 are the current security standard. BLAKE3 is faster for non-FIPS workloads. Choosing the right one depends on whether an adversary could be involved. --- What is Algorithm Reference Table? | Algorithm | Output | Type | Collision attacks | Security use | |-----------|--------|------|-----------------|-------------| | CRC32 | 32 bits / 8 hex | Error detection | Trivially constructed | No | | MD5 | 128 bits / 32 hex | Cryptographic hash | Practical (2004) | No | | SHA-1 | 160 bits / 40 hex | Cryptographic hash | Practical (2017) | No | | SHA-256 | 256 bits / 64 hex | Cryptographic hash | None known | Yes | |…
Frequently Asked Questions
What is the difference between MD5 and SHA-256?
MD5 produces a 128-bit (32-hex-char) digest and has known collision vulnerabilities — two different files can be crafted to produce the same MD5 hash. SHA-256 produces a 256-bit (64-hex-char) digest with no known practical weaknesses. Use SHA-256 for any security-relevant integrity checking.
Is MD5 still safe for checksums?
MD5 is safe for detecting accidental corruption (bit flips during transfer) because collisions require deliberate effort to craft. It is not safe for detecting intentional tampering — an adversary can construct a modified file with the same MD5 hash as the original. Use SHA-256 for any scenario where an attacker might be involved.
What is SHA-1 and should I use it?
SHA-1 is a 160-bit hash function deprecated by NIST in 2011. In 2017, the SHAttered attack demonstrated a practical SHA-1 collision. Modern TLS certificates require SHA-256 or stronger. Do not use SHA-1 for new work; migrate existing SHA-1 checksums to SHA-256.
What is BLAKE3?
BLAKE3 is a modern cryptographic hash function that is significantly faster than SHA-2 on modern hardware, supports parallelism, and has a clean construction resistant to length-extension attacks. It is not yet a NIST standard but has been extensively analyzed and is suitable for checksums and non-FIPS applications.
When should I use CRC32?
CRC32 is appropriate for error detection in communication protocols and storage formats (ZIP, PNG, Ethernet) where the goal is detecting accidental bit errors, not preventing intentional tampering. It is not a cryptographic hash — a collision can be trivially constructed. Never use CRC32 for security purposes.
All articles · theproductguy.in