SHA-1 status

Collision found in 2017 (SHAttered). Deprecated. Still used in legacy systems (Git commit IDs — deliberately, no security).

Advertisement

SHA-256

Merkle-Damgård construction. 256-bit output. 64 rounds. Standard for TLS certs, JWT, most modern uses.

Advertisement

SHA-3 (Keccak)

Sponge construction — different from Merkle-Damgård. Absorbs input into state, squeezes output. Resistant to length-extension attacks.

BLAKE3

Modern alternative: fast, tree-based, parallelizable. Beats SHA-256 by 4-10x. Not NIST but rapidly adopted.