File Hash Algorithms
File-integrity hash algorithms — speed, output size, and when to use each.
Reference
For file integrity
| Algorithm | Size | Speed (1 core) | Security | When to use |
|---|---|---|---|---|
| CRC-32 | 32 bit | ~5 GB/s | ❌ Not adversarial | Transport error detection |
| xxHash 64 | 64 bit | ~20 GB/s | ❌ Non-crypto | Fast dedup / cache keys |
| xxHash 128 (XXH3) | 128 bit | ~30 GB/s | ❌ Non-crypto | Deduplication |
| MD5 | 128 bit | ~700 MB/s | ❌ Broken | Legacy checksums only |
| SHA-1 | 160 bit | ~600 MB/s | ❌ Broken | Git objects (migrating away) |
| SHA-256 | 256 bit | ~500 MB/s | ✓ Secure | Default integrity (package managers, signed releases) |
| SHA-512 | 512 bit | ~700 MB/s | ✓ Secure | Faster than SHA-256 on 64-bit |
| BLAKE2b | 512 bit | ~1 GB/s | ✓ Secure | Fast crypto integrity |
| BLAKE3 | arbitrary | ~3 GB/s | ✓ Secure | Parallel, streaming |
Guidance
- Adversarial (downloads, signatures): SHA-256 minimum; BLAKE3 for speed + security.
- Non-adversarial dedup: xxHash or BLAKE3 — faster, same effective collision odds.
- Never rely on MD5 or SHA-1 where an attacker could forge content.
- Git uses SHA-1 today with collision detection; SHA-256 migration is in progress.
Last updated: