Can a hash be reversed?

No. Hashing is one-way by design. Attackers do not reverse hashes — they guess inputs and compare, which is why slow, salted hashes matter for passwords.

Not for security. MD5 is collision-broken. It is only acceptable as a fast checksum for detecting accidental corruption, never for signatures or passwords.

Why not just use SHA-256 for passwords?

It is far too fast — attackers can compute billions of guesses per second. Use bcrypt, scrypt, or Argon2, which are intentionally slow and salted.

A random value added to each password before hashing so identical passwords produce different hashes, defeating precomputed rainbow tables. bcrypt manages salts for you.

Hashing explained: MD5, SHA-256, and why you should not use them for passwords

7 min readUpdated May 24, 2026

A hash function turns any input into a fixed-size fingerprint. It is one-way and deterministic — the same input always yields the same output, but you cannot reverse it. The catch: the right hash depends entirely on the job.

What makes a good hash

Deterministic — same input, same output, every time.
Fixed size — SHA-256 always produces 256 bits, regardless of input length.
One-way — infeasible to recover the input from the hash.
Avalanche — a one-bit change in input flips ~half the output bits.

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes in the Hash Generator.

MD5 and SHA-1 are broken

MD5 and SHA-1 are not collision-resistant — researchers can craft two different inputs with the same hash. Do not use them for signatures or security. They survive only as fast, non-security checksums (e.g., detecting accidental file corruption).

SHA-256 for integrity

SHA-256 (part of the SHA-2 family) is the workhorse for data integrity and digital signatures: verifying downloads, content addressing, and as a building block in protocols. It is fast and currently considered secure against collisions.

Why fast hashes are wrong for passwords

The speed that makes SHA-256 great for integrity makes it dangerous for passwords. An attacker with a leaked database can compute billions of SHA-256 guesses per second on a GPU.

Password hashing needs to be deliberately *slow* and *salted*. Use bcrypt, scrypt, or Argon2 — algorithms with a tunable cost factor. Try the Bcrypt tool to see how a salt and cost factor change the output.

Rule of thumb: SHA-256 for "did this data change?", bcrypt/Argon2 for "is this the right password?".

Frequently asked questions

Can a hash be reversed?: No. Hashing is one-way by design. Attackers do not reverse hashes — they guess inputs and compare, which is why slow, salted hashes matter for passwords.
Is MD5 safe to use?: Not for security. MD5 is collision-broken. It is only acceptable as a fast checksum for detecting accidental corruption, never for signatures or passwords.
Why not just use SHA-256 for passwords?: It is far too fast — attackers can compute billions of guesses per second. Use bcrypt, scrypt, or Argon2, which are intentionally slow and salted.
What is a salt?: A random value added to each password before hashing so identical passwords produce different hashes, defeating precomputed rainbow tables. bcrypt manages salts for you.

Try it yourself

Put this guide into practice — these tools run free in your browser.

Hash Generator (MD5, SHA-1, SHA-256, SHA-512)Bcrypt Hash Generator & Verifier UUID Generator