MD5 checksum generator

Compute MD5 checksums of text or files — free, local, in your browser. Fine for corruption checks; never for security. Details below.

drop a file here or browse any size · read locally, never uploaded
MD5

the hash appears here — type above or drop a file


Broken since 2004 — and still everywhere

MD5's collision resistance fell in 2004, when researchers produced two different inputs with the same hash on commodity hardware. Today generating MD5 collisions takes seconds on a laptop, and chosen-prefix collisions — two meaningful files of the attacker's design sharing one hash — are a documented, weaponized technique; one forged a working certificate authority in 2008. Treat any security use of MD5 as a bug: no passwords, no signatures, no "is this file trustworthy" decisions.

What MD5 is still honestly good for

Catching accidents. Bit rot, truncated downloads, a copy interrupted halfway — random corruption changes an MD5 with near certainty, and no accident crafts a collision. Deduplicating files you already trust, matching a legacy system's checksum column, checking an old mirror's MD5SUMS file (the batch tool imports those): all reasonable. The rule of thumb: MD5 defends against bad luck, never against people.

Recognizing one

32 hexadecimal characters — the shortest of the mainstream digests. hello hashes to 5d41402abc4b2a76b9719d911017c592; try it above. Found a 32-character string and want confirmation? The hash identifier reads lengths and formats for you.

Verifying a download that only lists MD5

Verify it anyway — corruption detection is worth having — but understand what you proved: the file matches what the site published, not that the site is honest. Drop the file above and paste the expected value into the compare field, or use the verify tool. Then, if you get a say in the matter, ask the publisher for SHA-256 — the reasons are laid out in MD5 vs SHA-256.

questions

Is MD5 secure?

No — and it hasn't been for a long time. Collisions have been practical since 2004 and can now be generated in seconds on a laptop. Never use MD5 for passwords, signatures, certificates, or anything an attacker might touch. For spotting accidental file corruption it still works.

Why do download sites still publish MD5 checksums?

Habit, old tooling, and the fact that MD5 remains fine for its narrowest job: confirming a download wasn't truncated or corrupted in transit. It cannot prove the file is authentic — anyone who can swap the file can swap the published hash, and could even craft two files sharing one MD5.

Can an MD5 hash be decrypted?

No — hashing isn't encryption, and there's nothing to decrypt. But short or common inputs (like passwords) can be found by lookup table, which is one more reason MD5 must never protect secrets. The hash identifier explains what a pasted hash likely is.

What does an MD5 checksum look like?

32 hexadecimal characters (16 bytes). For example, the MD5 of hello is 5d41402abc4b2a76b9719d911017c592 — type it above and watch it appear.

Should I use MD5 or SHA-256?

SHA-256, in almost every case — it's the modern standard and computes quickly on today's hardware. The full breakdown is in MD5 vs SHA-256.