MD5 is everywhere. It is in legacy codebases, old tutorials, and still used by developers who have not stopped to check whether it is still appropriate. In most cases it is not. Here is a clear breakdown of what hash functions are, why MD5 is broken, and what you should use instead. What is a hash function? A hash function takes any input - a word, a file, an entire database dump - and produces a fixed-length string called a hash or digest . The same input always produces the same hash. Change even one character and the output changes completely. SHA-256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 SHA-256("hello!") = ce06092fb948d9ffac7d1a376e404b26b7575bcc11ee05a4615fef4fec3a308b Enter fullscreen mode Exit fullscreen mode This "tiny input, wildly different output" property is the avalanche effect and is fundamental to why hash functions are useful. Hash functions are one-way . You cannot reverse a hash back to the original input.…