Quiz Entry - updated: 2026.07.14
Which common hash functions are considered deprecated, and which are currently recommended?
MD5 (128-bit) and SHA-1 (160-bit) are deprecated and must not be used for signatures; SHA-2 (256/512-bit) and SHA-3 are currently recommended.
| Hash Function | Output Size | Status |
|---|---|---|
| MD5 | 128 bits | Broken — collisions found in 2004, practical attacks exist |
| SHA-1 | 160 bits | Deprecated — collision found by Google in 2017 (SHAttered) |
| SHA-2 (SHA-256, SHA-512) | 256 / 512 bits | Recommended — currently standard |
| SHA-3 (Keccak) | 256 / 512 bits | Recommended — different internal structure from SHA-2 |
Why does this matter? If an attacker can find collisions in a hash function, they can forge digital signatures. For example, they could create two documents with the same hash — one innocent, one malicious — get the innocent one signed, then substitute the malicious one.
Tip: SHA-2 and SHA-3 are both secure, but they use fundamentally different internal designs (Merkle-Damgård vs. sponge construction). Having both provides defense in depth — if one design is broken, the other likely survives.
Go deeper:
SHA-1 — the deprecation history and the SHAttered break.
SHAttered — first SHA-1 collision — two different PDFs with the same SHA-1 hash, with downloadable proof.
MD5 — why MD5 is catastrophically broken for signatures.