Hash lengths
The output size of a secure hash function is always specified in bits. So when it comes to the output of a hash function, a cryptographer always talks about, for example, 128 bits for the broken MD5 algorithm, 160 bits for SHA-1, and obviously 256 bits for SHA-256.
Most cryptographic APIs, however, only work with bytes. This means that if there is a specific method that specifies the size of the hash, then the size in bytes is most often returned. Thus, for the above algorithms it will be 16, 20 and 32 bytes.
Of course, if the bytes are returned as, for example, hexadecimals, then the length in characters of the string will be twice as long. The string length should then be 32, 40, or 64 characters. Whether this translates to the same number of bytes depends on the character encoding (e.g. using UTF-16 doubles the number of bytes).
Hash functions have a lot of internal state, so the number of bytes used by a running implementation is much higher than the number of bits in the output. It is nowhere near high enough for you to notice on a modern PC.
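The unit conversions described above, together with a length check for stored digests, as an added example that is not part of the original answer. It uses Python's standard `hashlib`; the function names `digest_lengths` and `check_stored_digest` and the sample input are constructed for illustration.

```python
import hashlib


def digest_lengths(name, data=b"constructed sample input"):
    """Return one digest's length in every unit the answer mentions."""
    h = hashlib.new(name, data)
    hex_text = h.hexdigest()
    return {
        "bits": h.digest_size * 8,        # how the algorithm is specified
        "bytes": h.digest_size,           # what most APIs report
        "hex_chars": len(hex_text),       # two characters per byte
        "utf8_bytes": len(hex_text.encode("utf-8")),
        # UTF-16 uses two bytes per hex character ("-le" avoids the BOM).
        "utf16_bytes": len(hex_text.encode("utf-16-le")),
    }


def check_stored_digest(name, stored):
    """Validate a stored digest (raw bytes or hex string) for `name`.

    Returns the raw digest bytes, or raises ValueError when the length
    does not match the algorithm, e.g. a 40-character SHA-1 hex string
    stored in a field that is supposed to hold SHA-256.
    """
    expected = hashlib.new(name).digest_size
    if isinstance(stored, str):
        if len(stored) != expected * 2:
            raise ValueError(
                f"{name}: expected {expected * 2} hex characters, "
                f"got {len(stored)}"
            )
        # Raises ValueError on non-hex input. bytes.fromhex() skips
        # whitespace, so the byte-length check below is still needed.
        raw = bytes.fromhex(stored)
    else:
        raw = bytes(stored)
    if len(raw) != expected:
        raise ValueError(f"{name}: expected {expected} bytes, got {len(raw)}")
    return raw


if __name__ == "__main__":
    for algorithm in ("md5", "sha1", "sha256"):
        print(algorithm, digest_lengths(algorithm))
```

Checking the length in the unit the value is actually stored in catches truncated or mislabelled digests before they reach a comparison.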