MD5 (Message-Digest Algorithm 5) is an old cryptographic hash function that produces a 128-bit (32-character hex) 'hash' or 'checksum'. It was designed in 1991 and is now considered completely insecure.

Is MD5 secure? Can it be used for passwords?

No. MD5 is **not secure** and must **NEVER** be used for passwords. It is 'broken' and vulnerable to 'collision attacks'. Passwords hashed with MD5 can be cracked in seconds using 'rainbow tables'. Always use SHA-256 or a modern algorithm like Argon2 or bcrypt for passwords.

What is an MD5 collision?

A 'collision' is when two different inputs (e.g., two different files) produce the *exact same* MD5 hash. Practical MD5 collision attacks have been public since 2005. This means MD5 cannot be trusted for digital signatures or to prove a file is unique, as a malicious file can be created with the same MD5 hash as a safe one.

What is MD5 still used for?

The only legitimate (non-security) use for MD5 today is as a **file checksum**. It can be used to verify that a file has not been *accidentally* corrupted during a download or transfer. It provides no protection against *malicious* tampering. For security, always use SHA-256.

MD5 Hash Generator (Insecure)

Online calculator for the broken MD5 hash (checksum).

Input Text

Mode

Output

Your Security Matters: Client-Side Processing

All operations happen in your browser.
Your data, images, files, keys, or passwords are never stored or sent to our servers.
We don't track or monitor your generated content.

What is MD5? (And Why Is It Insecure?)

MD5 (Message-Digest Algorithm 5) is a one-way hash function that produces a **128-bit** (32-character hexadecimal) string, known as an **MD5 hash** or **MD5 checksum**. It was created in 1991.

CRITICAL WARNING: MD5 IS BROKEN AND INSECURE.
This tool is provided for educational and legacy purposes only. **You MUST NOT use MD5 for security.**

DO NOT use MD5 for passwords. Passwords hashed with MD5 can be "cracked" in seconds using pre-computed "rainbow tables."
DO NOT use MD5 for digital signatures. The algorithm is critically vulnerable to "collision attacks."

Why is MD5 broken? A hash function is secure only if it's "collision-resistant." A collision is when two different inputs create the *same hash*.

Practical, easy-to-run collision attacks against MD5 have been public knowledge since 2005. It is now trivial for an attacker to create a malicious file (like a virus) that has the **exact same MD5 hash** as a safe file. This makes it useless for security verification.

The Only Valid Use for MD5 Today:

File Checksum: Its only remaining use is to generate a **checksum** to verify file integrity against *accidental* corruption (e.g., a bad download). It provides **zero protection** against intentional, malicious tampering.

For all security needs, **you must use SHA-256 or SHA-512**.

MD5 Hash Examples

Loading MD5 examples...

MD5 Key Concepts & Warnings

🚫

NEVER Use MD5 for Passwords

We repeat: **NEVER** use MD5 for password storage. It is not "hashing" in a secure sense; it is a liability. An attacker with your MD5-hashed password database can crack most of them instantly. Use **SHA-256** with a salt, or better yet, a modern algorithm like **Argon2** or **bcrypt**.

✅

MD5 is for Checksums, Not Security

A "checksum" is used to verify data integrity against *accidental* errors (like a network glitch or disk error). An MD5 checksum is fine for this. It is **not** a "security" feature, as it cannot protect against a *malicious* attacker, who can easily create a collision.

⚖️

MD5 vs. SHA-256

MD5: 128-bit (32-char) output. Broken, fast, insecure, high collision risk.
SHA-256: 256-bit (64-char) output. Secure, slower (a feature), no known practical collisions.

For any modern application, **SHA-256 is the minimum standard.**