MD5 Hash Generator
Compute the MD5 hash of any text.
Overview
The MD5 hash generator computes a 128-bit digest of any text or byte input. Paste a string, get back the familiar 32-character lowercase hex value used by legacy CRC checks, content-addressable file paths, and countless old protocols.
It is the right tool when you need to match an MD5 value embedded in a legacy system — file mirror checksums, ETag headers, htpasswd files, MySQL MD5() results — without firing up a CLI. Just remember that "match a legacy value" is the only acceptable modern use case; MD5 is broken for any adversarial setting.
How it works
MD5 (Rivest, RFC 1321) is a Merkle–Damgård hash with a 128-bit output and 64-byte blocks. The message is padded so its length in bits is congruent to 448 mod 512, then the 64-bit message length is appended. Each 512-bit block is processed by 64 rounds of bitwise operations updating four 32-bit registers. The final state, concatenated, is the digest. The algorithm is fast — gigabytes per second on modern CPUs — which is now part of the problem: cracking GPUs run MD5 at tens of billions of hashes per second.
MD5 is comprehensively broken for collision resistance. In 2004 Wang et al. produced practical collisions; today a pair of colliding inputs can be generated in under a second on a laptop. It is still preimage-resistant in practice, but a competent attacker should never see MD5 in a security-critical role.
Examples
Input: "" (empty string)
Output: d41d8cd98f00b204e9800998ecf8427e
Input: "hello"
Output: 5d41402abc4b2a76b9719d911017c592
Input: "The quick brown fox jumps over the lazy dog"
Output: 9e107d9d372bb6826bd81d3542a419d6
Input: "password"
Output: 5f4dcc3b5aa765d61d8327deb882cf99
FAQ
Is MD5 safe for passwords?
Absolutely not. Salted MD5 was crackable a decade ago and is laughably weak today. Use Argon2id, scrypt, or Bcrypt for password hashing.
Can I still use MD5 for file checksums?
Only for accidental-corruption detection (a file mirror, a backup verifier). For tamper detection against an attacker, use SHA-256 or SHA-3.
Why does MD5 still show up?
Two reasons: it is fast and 32 hex characters fit a lot of legacy database columns. ETag headers, MySQL hash functions, htpasswd files, and many file-distribution sites still emit MD5 for back-compat.
What is the chance of a random collision?
Birthday paradox: roughly 2^64 hashes before you expect a collision by chance. Random collisions are still vanishingly unlikely, but engineered collisions are trivial — that distinction is the whole reason MD5 is unsafe for security.