MD5 Generator
MD5 of any text or file, instantly. 32 hex characters per hash. Useful for ETags, deduplication, and verifying file integrity against accidental corruption — but not for anything where an attacker is in scope. See "what about security" below.
What MD5 is good for
- ETag generation — HTTP cache validation. MD5 of file content is a common cache key.
- Deduplication — finding identical files in a backup; identical content → identical MD5.
- Checksums — verifying a download didn't get corrupted in transit. Note: this only catches accidental corruption, not malicious tampering.
- Test vectors and fixtures — generating stable, deterministic identifiers for test data.
- UUID v3 — MD5-derived deterministic UUIDs (see guid.tooljo.com/uuid-v3).
What MD5 is not good for
- Cryptographic signatures — collisions are trivially findable. SHA-256 is the modern default.
- Password hashing — use bcrypt / argon2id; never any plain hash function.
- Tamper detection by an attacker — they can produce a different file with the same MD5. Use SHA-256 + signature.
- Anything new — start with SHA-256 and only fall back to MD5 if you're constrained by an existing system.
Format reference
- Hex:
5d41402abc4b2a76b9719d911017c592(32 chars, 16 bytes × 2) - Base64:
XUFAKrxLKna5cZ2REBfFkg==(24 chars, padded) - Base64url:
XUFAKrxLKna5cZ2REBfFkg(no padding)
Need a different algorithm? See SHA-256, SHA-512, or all algorithms at once. For the deeper "which hash to pick" question, read our guide.
FAQ
Is MD5 still safe to use?
For security purposes — no. Cryptographic collisions have been demonstrated since 2004; you can find two distinct inputs with the same MD5 in seconds on modern hardware. For non-security uses (ETags, deduplication, fingerprinting, checksums against accidental corruption) MD5 is still fine and very fast.
Why is the MD5 output 32 characters?
MD5 produces 128 bits of output. As hex, that's 32 characters (4 bits per character). As base64, it's about 22 characters; as base64url with padding stripped, also ~22.
How does this MD5 implementation work in the browser?
Web Crypto deliberately doesn't expose MD5 because of its broken security properties. We ship a self-contained ~80-line MD5 implementation based directly on RFC 1321, which runs entirely in your browser. It's been validated against the test vectors in the RFC.
What about MD5 of a file?
Pick a file with the file picker — it's read into memory and the full bytes are MD5-hashed. For very large files (>500 MB), use the command line: md5sum <file> on Linux, md5 <file> on macOS.
Why does my MD5 not match the one from another tool?
Three common reasons: (1) trailing newline — copying text from a file usually adds a final \n that isn't visible. (2) Encoding — UTF-8 vs Latin-1 differ for non-ASCII characters. (3) Line endings — \r\n (Windows) vs \n (Unix) yield different hashes. This tool always hashes UTF-8 bytes, no auto-trimming.