MD5 Hash
Free online MD5 hash tool. Text/file/batch/HMAC-MD5 modes, UTF-8/Latin1, uppercase, 8-char grouping. ⚠️ MD5 is broken — do NOT use for password storage.
Free online MD5 hash tool. Text/file/batch/HMAC-MD5 modes, UTF-8/Latin1, uppercase, 8-char grouping. ⚠️ MD5 is broken — do NOT use for password storage.
MD5 is used for file integrity checks (verifying downloads), fast deduplication, cache keys, and legacy system compatibility. It outputs 128-bit (32 hex chars) and is very fast, suitable for non-security scenarios.
MD5 outputs 128-bit (32 hex), is very fast but broken. SHA-256 outputs 256-bit (64 hex), is slower but has no practical collision attacks, and is preferred for security-critical uses.
SHA-256 ToolMD5 is extremely fast — modern GPUs can compute billions of hashes per second, and rainbow tables make quick work of common passwords. Use bcrypt, scrypt, or Argon2 for password storage.
Password GeneratorAbsolutely NOT for security (digital signatures, passwords, TLS). But for non-security uses (file corruption checks, dedup, cache keys), MD5 is still fine because attackers have no incentive to create collisions.
MD5 is one-way and cannot be reversed mathematically, but rainbow tables and brute force can recover weak passwords in seconds. This is why MD5 must never be used for password storage.
No. The tool uses chunked incremental reading — files are not loaded entirely into memory, so even multi-GB files process smoothly with a responsive UI.
HMAC-MD5 is a keyed hash that requires a secret key. While plain MD5 is broken, HMAC-MD5 is still secure when the key is unknown (though migration to HMAC-SHA256 is recommended).
HMAC GeneratorMD5 (Message-Digest Algorithm 5) is a 128-bit hash function designed by Ronald Rivest in 1991 (RFC 1321), producing a fixed 32-character hexadecimal digest from arbitrary input. Widely used for digital signatures, certificate verification, and password storage, MD5 was broken by Wang et al.'s collision attack in 2004, and Flame malware exploited MD5 collisions to forge a trusted CA certificate in 2008.
**Security status**: NIST formally deprecated MD5 for digital signatures in SP 800-131A (2011). However, MD5 remains useful for non-security scenarios: file integrity checks against accidental corruption, data deduplication, and cache keys. The key question: would an attacker benefit from creating a collision? If not, MD5's speed is an advantage.
**Never use MD5 for password storage**: MD5 is extremely fast (billions of hashes/sec on GPU), allowing instant brute-force on common passwords. Password storage MUST use bcrypt, scrypt, or Argon2 — slow hashes with configurable cost factors that make brute-force infeasible.
**HMAC-MD5 is still secure**: although plain MD5 is broken, HMAC-MD5 (keyed hash message authentication code) remains secure when the key is unknown because HMAC construction does not directly rely on the hash's collision resistance. Migration to HMAC-SHA256 is still recommended.
The tool uses a pure JavaScript MD5 implementation (Web Crypto API no longer supports MD5). All computation happens locally in your browser — files use chunked incremental reading and are never uploaded.
| Algorithm | Output | Hex Length | Security | Speed | Recommended Use |
|---|---|---|---|---|---|
MD5 | 128-bit | 32 chars | ❌ Broken (collisions/preimage) | Extreme | File checksums, dedup, cache keys |
SHA-1 | 160-bit | 40 chars | ❌ Collisions (2017) | Fast | Git, legacy compat |
SHA-256 | 256-bit | 64 chars | ✅ Secure | Medium | Digital signatures, certs, blockchain |
SHA-512 | 512-bit | 128 chars | ✅ Secure | Fast (64-bit) | High-security, key derivation |
bcrypt | - | 60 chars | ✅ Password-specialized | Slow (configurable) | Password storage |
| Year | Event | Impact |
|---|---|---|
1991 | Ron Rivest designs MD5 (RFC 1321) | Replaces MD4, becomes mainstream |
1996 | First pseudo-collision flaw discovered | Academic community raises concerns |
2004 | Wang et al. demonstrate MD5 collision attack | MD5 digital signatures completely broken |
2008 | Flame malware forges CA certificate via MD5 collision | NIST officially deprecates MD5 for signatures |
2011 | NIST SP 800-131A bans MD5 for security uses | US government systems phase out MD5 |
2024 | New preimage attack published | MD5 last line of defense breached |
// Note: Web Crypto API does NOT support MD5 (deprecated)
// Use SHA-256 instead for new projects
async function sha256(message) {
const msgBuffer = new TextEncoder().encode(message);
const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
return Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2,'0')).join('');
}
sha256('Hello World').then(console.log);
// MD5 in Node.js using crypto module
const crypto = require('crypto');
const md5 = crypto.createHash('md5').update('Hello World').digest('hex');
console.log(md5); // b10a8db164e0754105b7a99be72e3fe5import hashlib
text = 'Hello World'
md5_hash = hashlib.md5(text.encode('utf-8')).hexdigest()
print(md5_hash) # b10a8db164e0754105b7a99be72e3fe5
# File MD5 (chunked for large files)
def md5_file(filepath, chunk_size=8192):
md5 = hashlib.md5()
with open(filepath, 'rb') as f:
while chunk := f.read(chunk_size):
md5.update(chunk)
return md5.hexdigest()
# HMAC-MD5
import hmac
hmac_md5 = hmac.new(b'secret-key', b'Hello World', hashlib.md5).hexdigest()
print(hmac_md5)import java.security.MessageDigest;
import java.nio.charset.StandardCharsets;
public class MD5Example {
public static String md5(String input) throws Exception {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] hash = md.digest(input.getBytes(StandardCharsets.UTF_8));
StringBuilder sb = new StringBuilder();
for (byte b : hash) sb.append(String.format("%02x", b));
return sb.toString();
}
public static void main(String[] args) throws Exception {
System.out.println(md5("Hello World"));
// b10a8db164e0754105b7a99be72e3fe5
}
}
// Note: Use SHA-256 for new code: MessageDigest.getInstance("SHA-256")