MD5 Generator
Generate MD5 hashes online — text and files. Also outputs SHA-1, SHA-256, SHA-384 and SHA-512 simultaneously. Hex, Base64 and uppercase output. Hash verification and HMAC included. Note: MD5 is deprecated for security use — use SHA-256 for cryptographic purposes. 100% client-side.
Enter a known hash above — matching algorithm will show Match.
Enter a secret key above to compute HMAC — used for API signatures, webhooks (GitHub, Stripe) and message authentication.
Related Tools
Frequently Asked Questions
What is MD5 and what is it used for today?▾
MD5 (Message Digest 5) is a hash function that produces a 128-bit (32 hex character) digest. It was designed in 1991 and is now considered cryptographically broken — it should never be used for security purposes.
MD5 is still widely used for non-security purposes: verifying file integrity after download (checksums), deduplicating files by content hash, generating cache keys, and creating non-security identifiers. If an MD5 checksum matches, the file transferred correctly — MD5 is perfectly adequate for this use case.
Why is MD5 considered insecure?▾
MD5 has two critical weaknesses:
1. Collision attacks: researchers have demonstrated that two different inputs can produce the same MD5 hash. This was practically exploited to forge SSL certificates in 2008. 2. Speed: MD5 is extremely fast — a modern GPU can compute billions of MD5 hashes per second, making brute-force and rainbow table attacks against MD5-hashed passwords feasible in minutes.
For any security use case (password storage, digital signatures, TLS), use SHA-256 or SHA-512. For password storage specifically, use bcrypt, scrypt, or Argon2.
Can MD5 be decrypted or reversed?▾
No — MD5 is a one-way hash function. There is no algorithm that computes the original input from an MD5 hash.
What you see advertised as 'MD5 decryptors' are rainbow table lookups — precomputed databases mapping common strings and passwords to their MD5 hashes. They only work against short, common, or previously seen inputs. A unique string hashed with MD5 cannot be reversed.
MD5 vs SHA-256 — which should I use?▾
For security purposes (passwords, signatures, tokens): always SHA-256 or stronger. MD5 is broken for security.
For non-security purposes (file checksums, cache keys, deduplication): both work, but SHA-256 is recommended even here since the performance difference is negligible on modern hardware and it future-proofs your implementation.
The main reason MD5 is still used is legacy compatibility — existing systems that already use MD5 checksums.
How do I generate an MD5 hash in JavaScript, Python, and the terminal?▾
JavaScript (browser): the Web Crypto API does not support MD5 (it is considered insecure). Use a library like the md5 npm package: import md5 from 'md5'; md5('text');
Python: import hashlib; hashlib.md5('text'.encode()).hexdigest()
Terminal (macOS): md5 -s 'text' or echo -n 'text' | md5 Terminal (Linux): echo -n 'text' | md5sum