Which hashing algorithm is generally considered insecure due to known collision vulnerabilities?

Hash functions should be collision-resistant, meaning it should be hard to find two different inputs that produce the same hash. MD5 has known collision vulnerabilities, with practical demonstrations showing that two distinct messages can yield the same MD5 digest. This undermines integrity checks, digital signatures, and certificate validation that rely on a unique, tamper-evident hash. Because of these weaknesses, MD5 is broadly regarded as insecure for security-sensitive tasks and is deprecated in favor of stronger algorithms. The other options are currently considered secure against practical collisions (SHA-256 and SHA-3), while SHA-1 has known weaknesses but is being phased out in favor of stronger hashes; the standout insecure choice in this context is MD5.