가이드
MD5 vs SHA-256: 무엇이 다를까?
MD5와 SHA-256의 실무 차이를 빠르게 이해하고 상황에 맞게 선택하세요.
두 알고리즘 모두 텍스트를 고정 길이 해시로 바꾸지만, 사용 목적은 다릅니다. 실무에서는 빠른 변경 감지인지, 더 강한 무결성 검증인지가 핵심입니다.
Quick definition of each algorithm
MD5 outputs a 128-bit hash, usually shown as 32 hex characters.
SHA-256 outputs a 256-bit hash, usually shown as 64 hex characters.
Why SHA-256 is generally preferred now
MD5 is considered cryptographically weak because collisions are practical.
SHA-256 is much harder to break, so it is preferred for modern integrity and security-sensitive workflows.
When teams still use MD5
MD5 can still appear in old systems, mirrors, or compatibility scripts.
It is often used as a quick fingerprint where security is not the primary goal.
- Legacy checksum fields in old tools.
- Fast duplicate detection in internal scripts.
- Backwards compatibility with existing APIs.
Practical rule of thumb
For new projects, pick SHA-256 unless you have a clear compatibility reason not to.
If another system forces MD5, document that decision and treat it as a legacy constraint.
How to compare outputs correctly
Hashes are exact-match values. One character difference means the inputs were different.
Make sure encoding and whitespace are consistent before deciding data changed.
이럴 때 유용합니다
- Choosing a hash algorithm for file verification.
- Explaining why older systems still output MD5.
- Documenting team rules for checksum workflows.
- Avoiding weak defaults in new projects.
호환성은 MD5, 기본 선택은 SHA-256
새 워크플로를 설계한다면 SHA-256을 기본으로 두는 편이 안전합니다. MD5는 레거시 호환이 필요할 때만 유지하세요.