
Based on a quick test here on a 417MB .tar.gz file I had lying around, best of 5 times for various coreutils (8.32) implementations:

- md5sum: 0.570s

- sha1sum: 0.667s

- sha256sum: 1.662s

- sha512sum: 1.011s

- b2sum: 0.486s

- cksum: 0.982s

In conclusion: b2sum is both the fastest and AFAIU considered secure.




Moving from MD5 to SHA256 means we just about triple the amount of time it takes to generate a hash.

But I suggest there are few applications where this speed improvement justifies the confusion I've seen in junior engineers who believe MD5 is okay because a. they use MD5SUM and b. Bruce Schneier said it was okay.

Don't get me wrong. I trust that //YOU// will know not to depend on an MD5 hash for anything where a bad guy can modify content over the wire. But... I'm going to go out on a limb and guess you're somewhat experienced. I worry about the kids who without the benefit of experience re-enact scenes from the cryptography edition of Lord of the Flies.

But... if you know what you're doing... sure... use MD5... There's certainly no way your code will ever be used by a less experienced engineer, right?


I tend to prefer b2sum (BLAKE2), as it's both fast and (at the time of writing this, AFAIK) secure. There are certainly situations where md5 is good enough, but yeah, I feel safer just using blake2 and not having to spend brain cycles thinking whether the hash needs to be cryptographically secure or not, and risk making the wrong judgement.


Why are inexperienced engineers being allowed to mess with cryptographic primitives?


Tried with a 3.5GB Ubuntu .iso file, results are similar, though I also tried b3sum and that was even faster (just 1.8s vs. 19s for sha256sum & 6.7s for md5sum). So performance is definitely not an argument for md5.
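
To repeat the best-of-5 comparison from the comments above on your own hardware, here is an added example that is not part of the thread. It uses Python's `hashlib` rather than the coreutils binaries, so absolute times will differ from the posted ones; the function names and the 64 MiB random sample file are assumptions made for the example.

```python
import hashlib
import os
import tempfile
import time

# Algorithms from the thread that hashlib guarantees on every platform.
# b2sum computes BLAKE2b; cksum (CRC) and b3sum (BLAKE3) have no hashlib equivalent.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512", "blake2b")
CHUNK = 1 << 20  # read 1 MiB at a time so large files are never held in memory


def hash_file(path, algorithm):
    """Stream the file through one hash and return the hex digest."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def best_of(path, algorithm, runs=5):
    """Return (fastest wall-clock seconds, digest) over `runs` passes."""
    best = float("inf")
    digest = None
    for _ in range(runs):
        start = time.perf_counter()
        digest = hash_file(path, algorithm)
        best = min(best, time.perf_counter() - start)
    return best, digest


def benchmark(path, runs=5):
    """Map each algorithm to its best time and digest for the file."""
    hash_file(path, "md5")  # warm-up pass so the page cache is hot for every algorithm
    return {name: best_of(path, name, runs) for name in ALGORITHMS}


if __name__ == "__main__":
    # Constructed sample input: 64 MiB of random bytes in a temp file.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(64 * 1024 * 1024))
    try:
        results = benchmark(tmp.name)
        for name, (seconds, digest) in sorted(results.items(), key=lambda kv: kv[1][0]):
            print(f"{name:8s} {seconds:7.3f}s  {digest[:16]}...")
    finally:
        os.unlink(tmp.name)
```

Taking the minimum over several runs after a warm-up pass keeps disk reads and scheduler noise out of the comparison, which matters when the gaps between algorithms are fractions of a second.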



