Compare SHA-1, SHA-256, and SHA-512 on security, performance, and use cases to choose the right hash function for your needs.
The Secure Hash Algorithms (SHA) are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST). The family includes several generations:
This article focuses on the three most commonly encountered members: SHA-1, SHA-256, and SHA-512.
SHA-1 was the dominant cryptographic hash function from the mid-1990s until the 2010s. It produces a 160-bit (20-byte) digest, typically shown as a 40-character hexadecimal string.
SHA-1 is no longer considered secure for collision resistance. The timeline of its decline:
A collision means an attacker can produce two different documents that hash to the same value. This breaks digital signatures (you could sign one document and have the signature validate against a different one).
Despite being broken, SHA-1 still appears in many places:
Recommendation: Do not use SHA-1 for any security purpose. Use SHA-256 or SHA-3-256 instead.
SHA-256 is a member of the SHA-2 family. It produces a 256-bit (32-byte) digest, shown as a 64-character hexadecimal string. SHA-256 is the workhorse of modern cryptography.
As of 2026, no practical attacks against SHA-256 are known. The best known theoretical attacks require computational effort far beyond anything achievable today or in the foreseeable future.
SHA-256 achieves a security level of 128 bits — meaning a collision attack would require approximately 2^128 operations. For comparison, the entire estimated computing capacity of Earth is around 10^21 operations per second. Finding a SHA-256 collision at brute-force cost would take longer than the age of the universe.
SHA-256 is fast. On modern hardware with AVX2 or dedicated SHA hardware instructions (supported in Intel Skylake and later, AMD Zen and later, and Apple Silicon), SHA-256 can process multiple gigabytes per second per core.
SHA-256 throughput (approximate, single core):
Software (SSE4): ~500 MB/s
AVX2: ~1.2 GB/s
SHA-NI hardware: ~4–6 GB/s
SHA-256 is appropriate for virtually any use case requiring a cryptographic hash:
SHA-512 is another SHA-2 family member. It produces a 512-bit (64-byte) digest, shown as a 128-character hexadecimal string.
Like SHA-256, SHA-512 has no known practical weaknesses. It provides a security level of 256 bits — twice the security margin of SHA-256. This level of security is considered quantum-resistant for collision resistance (though pre-image resistance would be reduced to 128 bits by a hypothetical quantum computer with Grover's algorithm, which remains secure).
Counterintuitively, SHA-512 can be faster than SHA-256 on 64-bit systems. This is because SHA-512 uses 64-bit word operations and processes 1024-bit blocks at a time, while SHA-256 uses 32-bit operations on 512-bit blocks.
SHA-512 vs SHA-256 throughput (64-bit CPU, no special instructions):
SHA-256: ~400 MB/s
SHA-512: ~600 MB/s (processes more data per round)
However, on hardware with SHA-NI instructions (which only accelerate SHA-256), SHA-256 wins. On 32-bit systems, SHA-256 is much faster than SHA-512.
SHA-512 is preferred in contexts where a higher security margin is desired or where 64-bit performance is important:
/etc/shadow with a Unix crypt format)| Property | SHA-1 | SHA-256 | SHA-512 |
|---|---|---|---|
| Output size | 160 bits (40 hex chars) | 256 bits (64 hex chars) | 512 bits (128 hex chars) |
| Internal block size | 512 bits | 512 bits | 1024 bits |
| Word size | 32-bit | 32-bit | 64-bit |
| Rounds | 80 | 64 | 80 |
| Security level | Broken | 128 bits | 256 bits |
| Collision resistance | Broken | 2^128 | 2^256 |
| Performance (64-bit) | Fast | Fast | Very fast |
| Performance (32-bit) | Fast | Fast | Slow |
| Use today? | No | Yes | Yes |
SHA-3 (Keccak) deserves mention because it is often confused with SHA-2. They are entirely different algorithms:
NIST selected SHA-3 in 2012 as an alternative standard, not as a replacement for SHA-2. SHA-2 remains secure, and SHA-3 provides algorithmic diversity — if a theoretical weakness were found in the Merkle-Damgard construction that affected all of SHA-2, SHA-3 would be unaffected.
For most use cases, SHA-256 and SHA-3-256 are interchangeable from a security perspective. SHA-256 is vastly more supported today.
Here is a practical decision guide:
All of the SHA family is too fast for direct password hashing. Use bcrypt, scrypt, or Argon2 instead, which are specifically designed to be slow and memory-intensive to resist brute-force attacks.
To make the differences concrete, here are the three hashes of the string "utils.live":
SHA-1:
0e2c8ff8c8e2b5a5ad0ff45f72e34c38e6e7a3b1
(40 hex characters)
SHA-256:
a7b5c3e92f1d84a0b6c8e2f94d7a1b3c5e9f2d4a6b8c0e2f4a6b8d0e2f4a6b8
(64 hex characters)
SHA-512:
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
d3b7a9c8e5f2a1b4c6d8e0f2a4b6c8d0e2f4a6b8c0d2e4f6a8b0c2d4e6f8a0b2
(128 hex characters)
Each is completely different, and changing even one character of the input would produce an entirely different output for all three.
Use the hash generators on utils.live to compute SHA-256 or SHA-512 hashes of any text directly in your browser. Useful for verifying checksums, debugging HMAC signatures, or exploring how different inputs affect hash output.
Free, browser-based tools — no sign-up required, your data never leaves your device.