MD5 is cryptographically broken for collision resistance. Practical collision attacks have been demonstrated, and it should not be used for digital signatures or security-critical applications. It remains widely used for non-security checksums and data integrity verification where collision resistance is not required.

What is the difference between MD2, MD4, and MD5?

MD2 (1989) is the oldest and slowest, designed for 8-bit machines. MD4 (1990) introduced a faster design but was quickly found to be weak. MD5 (1991) is the most widely used variant, producing a 128-bit digest, though it is now considered cryptographically broken for collision resistance.

Are MD5 hashes safe for passwords?

No. MD5 is designed to be fast, which makes it unsuitable for password storage. Use a slow, purpose-built algorithm such as bcrypt, scrypt, or Argon2 instead.

How does MD5Kit protect my data?

All hashing runs entirely inside your browser. MD4 and MD5 use hash-wasm (a WebAssembly library loaded from CDN), and MD2 uses a custom inlined RFC 1319 implementation. No text, file content, or hash output is ever transmitted to any server.

MD5 Hash Calculator

Text Hash

Hex HEX Base64 Binary

File Hash

Drop a file here or browse

Hex HEX Base64 Binary

Random Hashes

Frequently Asked Questions

What is a cryptographic hash function?

A cryptographic hash function takes an input of any size and produces a fixed-length digest. Three properties define it: determinism (same input always gives the same output), pre-image resistance (you cannot reverse the hash to recover the input), and collision resistance (it is computationally infeasible to find two different inputs that produce the same digest).

Are MD hashes safe for passwords?

No. All MD variants are designed to be fast, which is useful for integrity checking but harmful for password storage — a fast hash lets attackers brute-force millions of candidates per second. For passwords, use a purpose-built slow algorithm: bcrypt, scrypt, or Argon2, all of which incorporate salting and adjustable work factors.

How does MD5Kit ensure privacy?

All hashing runs entirely inside your browser. MD4 and MD5 use hash-wasm (a WebAssembly library loaded from CDN), and MD2 uses a custom inlined implementation of RFC 1319. No text, no file content, and no hash output is ever transmitted to any server. You can verify this by running the tool while offline — it works identically.

What output formats are available?

Hex (lowercase hexadecimal) is the most common format used in tooling and documentation. HEX is the same in uppercase. Base64 encodes the raw digest bytes as a shorter string (standard Base64, using +, /, and = padding) — common in HTTP headers and certificate fingerprints. Binary shows the individual bits of each byte separated by spaces, useful for educational and low-level inspection purposes.

What is MD2?

MD2 (Message Digest 2) was designed by Ronald Rivest in 1989, originally for systems with limited resources such as 8-bit machines. It produces a 128-bit (16-byte) digest, displayed as a 32-character hex string. MD2 is the slowest of the MD family and is considered cryptographically broken — pre-image attacks have been demonstrated. It has no practical use in new systems.

What is MD4?

MD4 was also designed by Rivest in 1990 as a faster successor to MD2, targeting 32-bit machines. It produces a 128-bit digest and introduced design ideas later adopted by MD5, SHA-1, and RIPEMD. MD4 was found to be weak very quickly: full collision attacks exist, and it was deprecated by Rivest himself shortly after MD5 was published. It should not be used for any security purpose.

When are MD2 and MD4 still seen?

Both appear in legacy protocol analysis, forensic tooling, and academic study of hash function evolution. MD4 is still used internally in some older Windows NTLM authentication implementations. Neither should be introduced into any new system — even for non-security uses where MD5 would serve equally well with greater ecosystem support.

Variant comparison

Algorithm	Digest	Year	Status	Notes
MD2	128 bit · 32 hex	1989	Broken	Pre-image attacks demonstrated; obsolete
MD4	128 bit · 32 hex	1990	Broken	Full collision attacks; still in NTLM legacy paths

What is MD5?

MD5 (Message Digest 5) was designed by Ronald Rivest in 1991 as a more secure replacement for MD4. It produces a 128-bit digest and was the dominant hash function for file integrity verification, digital signatures, and checksums throughout the 1990s and 2000s. MD5 is still the most widely encountered hash in practice — you will find it on download pages, software packages, and configuration files worldwide.

Is MD5 still secure?

MD5 is cryptographically broken for collision resistance. Practical collision attacks require only seconds on modern hardware. It should not be used for digital signatures, certificate fingerprints, or any context where an adversary might benefit from crafting a collision. For non-security-critical checksums — verifying accidental corruption of a download, for example — MD5 remains widely accepted and is perfectly adequate.

Can MD5 be reversed or cracked?

MD5 has no known mathematical inverse, but its short 128-bit output and fast computation make it highly susceptible to precomputed rainbow table lookups. For any short or common input, MD5 can often be "reversed" this way within seconds using publicly available databases. This is why MD5 must never be used for passwords or security tokens.

Where is MD5 still used today?

Despite its broken collision resistance, MD5 remains ubiquitous for non-adversarial integrity checks. Linux distributions publish MD5 checksums alongside ISO images, package managers use it for cache validation, and many version control and build systems rely on it for change detection. In these contexts, the goal is detecting accidental corruption rather than resisting deliberate tampering, so MD5's weaknesses are not a concern.