MD5 Hash Generator

Compute the 128-bit MD5 digest of any text

Generate the 128-bit MD5 hash of any text entirely in your browser. Useful for checksums and legacy compatibility, with a clear note that MD5 is not safe for passwords or security. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is an MD5 hash?

MD5 is a hash function that turns any input into a fixed 128-bit value, shown as 32 hexadecimal characters. The same input always produces the same digest, which makes it useful for checksums.

What MD5 produces

MD5 takes any text or byte stream and produces a fixed 128-bit value, displayed as 32 hexadecimal characters. The same input always yields the same digest, and a tiny change in the input produces a completely different output — a property known as the avalanche effect. That determinism makes MD5 convenient for checksums, deduplication, and cache keys, but its cryptographic weaknesses mean it is unsuitable for any security-sensitive purpose.

How MD5 works

MD5 processes the message in 512-bit blocks. Before processing, the input is padded so its bit-length is congruent to 448 modulo 512, then the original 64-bit length is appended. Each 512-bit block updates four 32-bit state words — conventionally called A, B, C, and D — through 64 operations grouped into four rounds of 16 steps each:

  • Round 1 uses the auxiliary function F(B,C,D) = (B AND C) OR (NOT B AND D)
  • Round 2 uses G(B,C,D) = (B AND D) OR (C AND NOT D)
  • Round 3 uses H(B,C,D) = B XOR C XOR D
  • Round 4 uses I(B,C,D) = C XOR (B OR NOT D)

Each step also adds a per-step constant derived from sin(i) and applies a left-rotate by a specified amount. The final digest is the concatenation of A, B, C, D output in little-endian byte order. This implementation runs entirely in JavaScript, so it matches any standard MD5 library byte-for-byte.

What MD5 is still good for

MD5 remains entirely appropriate for non-adversarial uses:

  • Deduplication — comparing MD5s of files to find duplicates where an attacker is not involved
  • Cache keys — hashing a URL or query string to look up a cached response
  • Checksums against accidental corruption — detecting a corrupted download where no adversary is trying to forge the file (though SHA-256 is still preferred here)
  • Legacy integrations — systems that store or transmit MD5 hashes for historic compatibility

What MD5 must never be used for

  • Passwords — use bcrypt, scrypt, or Argon2, all of which are specifically designed to be slow and salted
  • Digital signatures — collisions can be crafted, allowing two different documents to share the same MD5
  • Certificate fingerprints — SHA-256 or SHA-384 only
  • Any context where an attacker controls the input — this is when the collision vulnerability becomes dangerous

MD5 in legacy systems and databases

Despite its broken cryptographic status, MD5 is still widely encountered in existing systems. If you are auditing a user database and find 32-character hex strings in the password column, those are almost certainly MD5 hashes — with no salt and no stretching. The remediation path is to prompt users to reset their passwords, hashing the new ones with bcrypt or Argon2, and to maintain the old MD5 hash only for the transition period.

MD5 is also common as a file deduplication key in content management systems and object stores. In this usage, an attacker forging a collision is not a concern — you are comparing files to eliminate redundant copies, not verifying provenance. The same logic applies to cache keys built from request parameters: MD5 distributes uniformly and is fast, making it practical for this purpose even in 2024.

Reference values

  • Empty string: d41d8cd98f00b204e9800998ecf8427e
  • abc: 900150983cd24fb0d6963f7d28e17f72
  • hello world: 5eb63bbbe01eeed093cb22bb8f5acdc3

Use these to confirm that any MD5 tool is computing the correct result. Everything here runs in your browser; nothing is uploaded.