Run a file through MD5 and you get a string like d41d8cd98f00b204e9800998ecf8427e. That is 128 bits written as 32 hex characters. The same file always produces the same string, and changing a single byte changes the whole thing. The length is fixed no matter how large the file is.
MD5 is fast, so it is a practical choice when you need to hash a lot of files quickly:
For all of these, the concern is accidental difference, not deliberate tampering, and MD5 handles that well.
MD5 is broken for security. Researchers have shown it is practical to create two different files that produce the same MD5 on purpose, which is called a collision. That means MD5 cannot be trusted to prove a file has not been swapped by someone acting in bad faith. For downloads that must resist tampering, or for anything cryptographic, SHA-256 is the right tool.
Use MD5 when you are checking your own files against accidental duplication or corruption, where speed matters and nobody is trying to fool you. Switch to SHA-256 when the check has to hold up against someone deliberately faking a match. Many file tools compute both, so you can choose based on the job.
Compute MD5, SHA-1, and SHA-256 across a folder on Mac and group duplicates by hash. Runs on-device. · macOS