It seems that MD5 and SHA-1 are the most vulnerable to this threat. Both of those have been regarded as untrustworthy for quite some time now. Best to stick with SHA-256 and SHA-512 IMO , and it appears to be the policy at VirusTotal also. This is a handy tool : https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/ Don't be put off by the URL , it includes SHA-256 and SHA-512 in the free version. The paid version also supports CRC32 and SHA-384.