What MD5 Is
MD5 is a one-way hash function. It takes any input — a single character, a 10-megabyte file, a million-character document — and returns a fixed 128-bit fingerprint, written as 32 hex characters like 5d41402abc4b2a76b9719d911017c592. Same input always produces the same hash; tiny changes to the input produce a completely different hash.
The Microapp generator computes the MD5 of any text you paste, instantly, in your browser. Your text never leaves your device.
How to Use It
- Paste or type text into the input box.
- The MD5 hash appears immediately in the output — 32 lowercase hex characters.
- Click "Copy" to put the hash on your clipboard.
- Edit the input — even change a single character — and watch the hash recompute. This is the "avalanche effect" that makes hashes useful for change detection.
hello gives:5d41402abc4b2a76b9719d911017c592Capitalize the H —
Hello — and the hash becomes:8b1a9953c4611296a827abf8c47804d7Completely different output for a one-character change. This is why MD5 catches accidental file corruption: any change at all changes the hash.
What MD5 Is Used For (And Where It's Still OK)
File integrity checking. Download a 4 GB ISO from an open-source project; the project publishes the expected MD5 alongside. After download, compute the MD5 of your local file and compare. If they match, the file arrived intact. This is still a perfectly valid use of MD5 — accidental corruption is what MD5 catches well.
De-duplication. Need to find duplicate files in a folder? Hash each file and group by identical hashes. MD5 is fast enough that hashing thousands of files takes seconds.
Cache keys. Need a deterministic, fixed-length identifier for some piece of input? MD5 of the input is a common choice. Same input always produces the same key, lookup is O(1), no collisions in practice for non-adversarial inputs.
Quick fingerprints in logs. Logging "MD5(payload) = abc123…" lets you correlate the same payload appearing in multiple places without storing the payload itself.
What MD5 Is NOT Safe For
Password hashing. If your application uses MD5 to hash user passwords, it is broken. Period. Modern GPUs compute billions of MD5 hashes per second, so an attacker who steals your password database can crack most passwords in hours. Use bcrypt, Argon2, or scrypt instead — they're designed to be slow and memory-hard.
Cryptographic signatures. MD5 is no longer collision-resistant. Researchers have shown how to construct two different inputs that produce the same MD5 — meaning an attacker can swap one document for another while keeping the hash the same. Use SHA-256 or SHA-3 for any signature-related work.
SSL/TLS certificates. Major browsers stopped accepting MD5-signed certificates years ago. If you're issuing certificates, use SHA-256 minimum.
MD5 vs SHA-256 vs Other Hashes
| Hash | Output size | Collision-resistant? | Speed | OK to use for… |
|---|---|---|---|---|
| MD5 | 128 bit (32 hex chars) | No (since 2004) | Very fast | Integrity, dedup, cache keys |
| SHA-1 | 160 bit (40 hex chars) | No (since 2017) | Fast | Same as MD5; use SHA-256 instead |
| SHA-256 | 256 bit (64 hex chars) | Yes | Fast | Anything security-sensitive |
| SHA-512 | 512 bit (128 hex chars) | Yes | Slightly slower than SHA-256 on 32-bit, faster on 64-bit | Same as SHA-256, longer output |
| bcrypt / Argon2 | Variable | Yes (and slow on purpose) | Slow (intentionally) | Password hashing only |
Common Misconceptions
"MD5 is encryption." No. Encryption is reversible (you can decrypt back to the original given a key). MD5 is one-way — you cannot recover the input from the hash. The only "decryption" is brute force or rainbow-table lookup of pre-computed common inputs.
"MD5 produces a unique hash for every input." In theory two inputs can collide (produce the same hash). In practice, you'll never accidentally see a collision — the 128-bit space is too large. The problem is that attackers can deliberately craft collisions, which is what makes MD5 unsafe for security uses.
"Adding a salt makes MD5 secure for passwords." Salting prevents rainbow-table attacks but doesn't slow down the hash computation. A salted MD5 password is still cracked in hours by a modern GPU. The slowness of bcrypt/Argon2 is what protects passwords, not the salt.
Related Tools
For the more secure modern alternative, use the SHA-256 Generator. To encode binary data for transmission rather than fingerprint it, the Base64 Encoder/Decoder is the right tool. To generate strong passwords (which should never be hashed with MD5), see the Password Generator.