CiphersOnline
Encryption Online
Hashing
MD5

MD5 Hash Generator

Generate an MD5 hash from text online. Type or paste a message to calculate its 128-bit digest as a 32-character lowercase hexadecimal string, then copy the result. Processing runs locally in your browser, and the algorithm selector lets you compare MD5 with SHA-256, SHA-512, SHA-3, BLAKE2, SHA-1, or CRC32. Use MD5 only for legacy compatibility and non-security checks.

Input
0 chars · 0 bytes
Try:
Hash
✓ Client-side processing only ✓ Input is not sent to server
Examples
Empty string
Input (empty)
Output d41d8cd98f00b204e9800998ecf8427e

The MD5 hash of empty input is a well-known constant.

Plain text
Input hello world
Output 5eb63bbbe01eeed093cb22bb8f5acdc3

Short input produces a fixed 32-character hex string.

Avalanche effect
Input Hello world
Output 3e25960a79dbc69b674cd4ec67a72c62

Changing lowercase h to uppercase H produces a completely different MD5 digest.

Standard MD5 test vector
Input The quick brown fox jumps over the lazy dog
Output 9e107d9d372bb6826bd81d3542a419d6

A widely used test vector for checking that an MD5 implementation returns the expected digest.

What is MD5?

MD5 (Message Digest Algorithm 5) is a hash function designed by Ronald Rivest and published in 1992. It converts input of any length into a fixed 128-bit (16-byte) digest, normally written as 32 hexadecimal characters. This online MD5 calculator displays the result in lowercase hex.

MD5 is deterministic and one-way: identical input bytes produce the same digest, but there is no decryption key that restores the original text. It is hashing, not encryption. MD5 is also cryptographically broken because practical collision attacks can create different inputs with the same digest, so it must not be used for digital signatures, certificates, passwords, or adversarial integrity checks.

Where MD5 is still used—and where it should not be

MD5 remains useful when an existing system specifically requires it or when the goal is a fast, compact identifier rather than protection against an attacker. Examples include legacy integrations, cache keys, ETags, trusted-data deduplication, test fixtures, and reproducing an old MD5 checksum.

Do not use MD5 to prove that hostile content is authentic or unchanged. A malicious party may be able to construct colliding inputs, and a checksum is only trustworthy when the expected value comes through a trusted channel. Prefer SHA-256 or a modern alternative for new integrity-sensitive systems. For passwords, use a dedicated password-hashing function such as Argon2id, scrypt, bcrypt, or PBKDF2 with a unique salt and suitable cost.

How to use the MD5 hash generator
  1. Type or paste the text you want to hash into the input field.
  2. Keep MD5 selected in the algorithm menu.
  3. The generator calculates the digest in your browser and shows a 32-character hexadecimal result.
  4. Use the copy button to place the MD5 hash on your clipboard.

The calculator hashes the exact UTF-8 bytes of your text. Letter case, spaces, punctuation, Unicode characters, and line endings are significant, so preserve them when reproducing or checking a hash. Empty input is valid and produces the standard MD5 empty-string digest. You can switch the menu to compare the same text with SHA-256, SHA-512, SHA-3, BLAKE2, SHA-1, or CRC32.

How the MD5 algorithm works

MD5 encodes the message as bytes, appends padding and the original bit length, and divides the result into 512-bit blocks. Each block passes through 64 steps arranged in four rounds of bitwise operations, modular additions, constants, and rotations. Four 32-bit state words form the final 128-bit digest.

A tiny input change normally produces a very different result—the avalanche effect shown in the examples below. That behavior does not make MD5 collision-resistant: researchers have developed efficient methods for deliberately constructing two different messages with the same digest. MD5 can still detect accidental changes in trusted data, but it is not a secure choice against intentional manipulation.

FAQ

MD5 is cryptographically broken because practical collision attacks can create different inputs with the same hash. Do not use it for digital signatures, certificates, attacker-resistant checksums, or other security decisions. It remains usable for legacy compatibility and non-adversarial identifiers such as cache keys or deduplication fingerprints.

No. Raw MD5 is intentionally fast, so attackers can test enormous numbers of password guesses efficiently. Adding a salt prevents precomputed lookup tables but does not make MD5 slow enough for password storage. Use a maintained implementation of Argon2id, scrypt, bcrypt, or PBKDF2 with a unique random salt and an appropriate work factor.

MD5 is fast, widely implemented, and produces a compact 32-character result. Existing protocols and databases may require it, while non-security tasks such as cache keys, ETags, test vectors, or trusted-data deduplication do not always need collision resistance. Its continued use does not make it suitable for new security-sensitive systems.

The MD5 calculation runs locally in your browser with a JavaScript implementation; the text is not sent to the server for hashing. Avoid placing secrets into any website on a device or browser you do not trust.

No. MD5 is a one-way hash function, so there is no MD5 decoder or decryption key that recovers the original text. A person can guess candidate inputs, calculate each MD5 hash, and compare it with the target. Short, common, or predictable inputs may therefore be discovered, but the algorithm itself is not being reversed.

The tools are probably hashing different bytes. Check uppercase and lowercase letters, leading or trailing spaces, tabs, line endings, Unicode normalization, and whether the other tool expects plain text, hex, Base64, or file bytes. This MD5 generator interprets the input as text, encodes it as UTF-8, and returns lowercase hexadecimal output.

This page hashes text entered in the input field; it does not upload or read files. Pasting a filename hashes the filename itself, not the file contents. To check a file, use an MD5 checksum utility that reads its raw bytes, then compare all 32 hexadecimal characters with a value from a trusted source. For security-sensitive downloads, prefer a published SHA-256 checksum.

MD5 produces a 128-bit digest written as 32 hexadecimal characters and has practical collision attacks. SHA-256 produces a 256-bit digest written as 64 hexadecimal characters and has no known practical collision or preimage attack. Use MD5 only when compatibility requires it; choose SHA-256 or another modern algorithm for new integrity-sensitive applications.
Related tools

HMAC Generator

Generate an HMAC from text with a secret key in your browser.

All Hashing & Password Security →