SHA-1 status
Collision found in 2017 (SHAttered). Deprecated. Still used in legacy systems (Git commit IDs — deliberately, no security).
Advertisement
SHA-256
Merkle-Damgård construction. 256-bit output. 64 rounds. Standard for TLS certs, JWT, most modern uses.
Advertisement
SHA-3 (Keccak)
Sponge construction — different from Merkle-Damgård. Absorbs input into state, squeezes output. Resistant to length-extension attacks.
BLAKE3
Modern alternative: fast, tree-based, parallelizable. Beats SHA-256 by 4-10x. Not NIST but rapidly adopted.