What is the difference between hashing and encryption?

Hashing is one-way: you cannot recover the input from the digest. Encryption is reversible with the right key. Hashes prove integrity or act as fingerprints; encryption protects confidentiality. Do not store passwords as bare unsalted hashes of weak algorithms—use dedicated password hashing (bcrypt, Argon2).

MD5 is broken for collision resistance: attackers can craft two different inputs with the same MD5. It is unsuitable for certificates or signatures. It still appears in legacy checksums and non-adversarial deduplication; do not choose it for new security designs.

When should I use SHA-256?

SHA-256 (SHA-2 family) is the mainstream choice for HMAC, TLS signatures, blockchain-style linking, and general integrity when you need a modern, well-studied primitive. Pair it with a secret key when you need authentication (HMAC), not the bare hash alone.

What is collision resistance?

A hash is collision-resistant if it is infeasible to find two distinct inputs with the same output. Weak collision resistance breaks trust: two files could ‘verify’ as identical. preimage resistance means you cannot find an input for a given digest—important for password hashing contexts.

A salt is random data prepended or XORed with input before hashing so identical passwords yield different digests and rainbow tables fail. Salting applies to password storage, not to generic file checksums. For passwords, use algorithms designed for that problem, not raw SHA-256 alone.

Hash Generator

v1.0.0

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly with real-time hashing, file support, and copy tools.

Input Text

Enter text to generate hashes

Cryptographic hashes fingerprint data in fixed-size digests. WMCoder generates common algorithms so you can verify downloads, debug APIs, and match upstream specs.

Read the full guide →

Frequently Asked Questions

What is the difference between hashing and encryption?: Hashing is one-way: you cannot recover the input from the digest. Encryption is reversible with the right key. Hashes prove integrity or act as fingerprints; encryption protects confidentiality. Do not store passwords as bare unsalted hashes of weak algorithms—use dedicated password hashing (bcrypt, Argon2).
Is MD5 still secure?: MD5 is broken for collision resistance: attackers can craft two different inputs with the same MD5. It is unsuitable for certificates or signatures. It still appears in legacy checksums and non-adversarial deduplication; do not choose it for new security designs.
When should I use SHA-256?: SHA-256 (SHA-2 family) is the mainstream choice for HMAC, TLS signatures, blockchain-style linking, and general integrity when you need a modern, well-studied primitive. Pair it with a secret key when you need authentication (HMAC), not the bare hash alone.
What is collision resistance?: A hash is collision-resistant if it is infeasible to find two distinct inputs with the same output. Weak collision resistance breaks trust: two files could ‘verify’ as identical. preimage resistance means you cannot find an input for a given digest—important for password hashing contexts.
What is salting?: A salt is random data prepended or XORed with input before hashing so identical passwords yield different digests and rainbow tables fail. Salting applies to password storage, not to generic file checksums. For passwords, use algorithms designed for that problem, not raw SHA-256 alone.