Is MD5 still safe to use?

For cryptography, no. Collisions have been demonstrated since 2004. Use SHA-256 or SHA-512 for signatures, certificates, and password storage. For non-security tasks — file integrity checks, cache keys, deduplication — MD5 is still fine.

Why is my MD5 output 32 characters?

MD5 produces a 128-bit digest, which is 16 bytes. In hex (2 chars per byte) that's 32 chars. In Base64 it's 22 chars plus padding.

Can I decrypt an MD5 hash?

No. Hash functions are one-way — given a hash, there is no algorithmic way to recover the input. 'MD5 decrypt' services actually do dictionary lookups: they've hashed millions of common passwords and look for a match. Our Hash Lookup tool (coming soon) covers that use case explicitly.

Does MD5 handle Unicode correctly?

Yes. We encode text as UTF-8 bytes before hashing, which is the standard behaviour. Emoji, Chinese characters, and any Unicode input hash consistently with other UTF-8-based MD5 implementations.

How does MD5 compare to SHA-256?

SHA-256 is cryptographically secure (no known collisions), produces a 256-bit digest (64 hex chars vs 32 for MD5), and runs about 2× slower. For anything security-related, prefer SHA-256. For speed-critical non-security hashing, MD5 is still reasonable.

MD5 Hash Generator

Compute the MD5 digest of any string in the browser.

Hashing runs in your browser. Text and files never leave your device.

MD5 · 128-bit digest · fast but not cryptographically safe

Text input

Hash each line separately

MD5 hash

—

0 chars · lowercase hex

File input

Hash any file up to 500 MB. Processed locally — the file never uploads.

Click to pick a file

Similar tools

Base64 Encoder/Decoder

Encode and decode Base64 text and files, URL-safe variant included.

URL Encoder/Decoder

Percent-encode and decode URLs or just components.

HTML Encoder/Decoder

Escape and unescape HTML entities in any string.

What is an MD5 Hash Generator?

MD5 (Message Digest algorithm 5) is a cryptographic hash function that takes an input of any length and produces a 128-bit (16-byte) digest, conventionally shown as a 32-character hexadecimal string. The algorithm was designed by Ron Rivest in 1991 and was the workhorse hash of the 1990s and early 2000s. You'll still see it everywhere: at the bottom of software download pages, inside .torrent files, in git blob IDs (actually SHA-1, but MD5 is the direct ancestor), in database systems like MySQL's MD5() column function, and in network protocols that have not been updated in a decade.

MD5 is broken for cryptographic use. Collisions — two different inputs that produce the same hash — have been publicly demonstrated since 2004. In 2012, the Flame malware used an MD5 collision attack to forge a Windows Update signing certificate. The practical implication: you should never use MD5 for digital signatures, password storage, SSL/TLS certificates, or any system where an attacker might benefit from two inputs hashing to the same value. Use SHA-256 or SHA-512 instead for those cases. Modern password hashing should use Argon2, bcrypt, or scrypt — slow, memory-hard functions designed for that purpose.

MD5 is still perfectly usable for non-security tasks. File integrity checks against accidental corruption — someone downloaded a file; did all the bits arrive? — are a classic MD5 use case and still work fine, because random corruption never produces a collision. Cache keys in a CDN or in-memory cache often use MD5 because it's fast and the hash is small. Deduplication systems hash content to detect duplicates; again, MD5's cryptographic weakness is irrelevant because the "attacker" is random noise, not a motivated adversary. Git used to use SHA-1 and is migrating to SHA-256 for similar integrity reasons.

This generator runs MD5 in your browser. Text input is hashed as UTF-8 bytes, so Unicode round-trips correctly. File input is hashed directly from the browser's ArrayBuffer — the file never uploads; we never see the bytes. That matters when you're verifying the integrity of a downloaded installer or an email attachment: send the hash to the recipient over a different channel (call, SMS, chat) and they can re-hash their copy to confirm nothing was tampered with in transit.

Output format: the canonical MD5 representation is lowercase hex (32 characters, like 9e107d9d372bb6826bd81d3542a419d6). Some systems prefer Base64 (22 characters) — toggle the output option above to switch. Both encode the same 128 bits; the choice is purely about display.

How to generate an MD5 hash

Paste or type text. Any length, any Unicode. The hash recomputes as you type.
Or choose a file. The file hashes locally; larger files take longer but never upload.
Pick hex or Base64. Hex is the standard; Base64 is shorter when you need to embed the hash in a URL or short identifier.
Copy the result. One click to clipboard. Compare against a reference hash to verify integrity.

Features

Text and file hashing in your browser (no upload, up to 500 MB files).
UTF-8 safe for Unicode text.
Hex (32 chars) or Base64 (22 chars) output.
Fast — MD5 hashes about 600 MB per second on modern hardware.
Live hash update as you type.

Frequently asked questions

Is MD5 still safe to use?: For cryptography, no. Collisions have been demonstrated since 2004. Use SHA-256 or SHA-512 for signatures, certificates, and password storage. For non-security tasks — file integrity checks, cache keys, deduplication — MD5 is still fine.
Why is my MD5 output 32 characters?: MD5 produces a 128-bit digest, which is 16 bytes. In hex (2 chars per byte) that's 32 chars. In Base64 it's 22 chars plus padding.
Can I decrypt an MD5 hash?: No. Hash functions are one-way — given a hash, there is no algorithmic way to recover the input. 'MD5 decrypt' services actually do dictionary lookups: they've hashed millions of common passwords and look for a match. Our Hash Lookup tool (coming soon) covers that use case explicitly.
Does MD5 handle Unicode correctly?: Yes. We encode text as UTF-8 bytes before hashing, which is the standard behaviour. Emoji, Chinese characters, and any Unicode input hash consistently with other UTF-8-based MD5 implementations.
How does MD5 compare to SHA-256?: SHA-256 is cryptographically secure (no known collisions), produces a 256-bit digest (64 hex chars vs 32 for MD5), and runs about 2× slower. For anything security-related, prefer SHA-256. For speed-critical non-security hashing, MD5 is still reasonable.