MD5 Hash Generator

Calculate the MD5 hash of any string instantly in your browser. Widely used for file integrity checks, but not recommended for security purposes due to proven collision attacks.


Tips

  • MD5 is a 128-bit hash function designed by Ronald Rivest in 1991. A collision attack (producing the same hash from different inputs) was demonstrated in 2004, making it unsuitable for any security-sensitive use.
  • MD5 is still widely used for file integrity checks — comparing the MD5 value published by a distributor with the one you calculate locally lets you detect accidental corruption (not malicious tampering).
  • Using MD5 to store passwords is extremely dangerous. Modern GPUs can compute MD5 billions of times per second, cracking short passwords almost instantly.
  • MD5 always outputs 128 bits (32 hexadecimal characters), regardless of the length of the input.
  • For storing passwords, use dedicated algorithms like BCrypt or Argon2 that are intentionally slow.

FAQ

No, MD5 is a one-way function — it's mathematically infeasible to recover the original input from the hash. However, short or common strings can be looked up in precomputed rainbow tables, which is why MD5 must never be used to protect passwords.

Yes, MD5 is deterministic: identical inputs always produce identical outputs. Even a single character difference — including case or whitespace — will produce a completely different hash.

For simple non-security checksums (e.g., detecting accidental file corruption), MD5 is fine. For anything security-related, choose SHA-256 — no collision attack against it has been demonstrated, and it remains widely trusted.
ツールくん

Side Note — The Inventor of MD5 and the Trajectory of a "Broken" Algorithm

MD5 (Message Digest Algorithm 5) was designed in 1991 by cryptographer Ronald Rivest (the "R" in RSA). It was widely adopted as a secure hash function, but design weaknesses were flagged in 1996, and in 2004 Chinese cryptographer Xiaoyun Wang and colleagues demonstrated a successful collision attack, sealing its retirement from security use.

In 2008, researchers reported the creation of a fraudulent SSL certificate exploiting MD5 collisions — forging a certificate with the same MD5 hash as a legitimate CA signature to enable man-in-the-middle attacks. This prompted major browsers and CAs to phase out MD5 in certificates entirely.

Today, MD5 survives primarily in non-security checksums. Verifying that a large file arrived intact after transfer — detecting accidental corruption rather than deliberate tampering — is a use case where MD5 still works perfectly well.