MD5 Hash Generator
The MD5 hash of "The quick brown fox jumps over the lazy dog" is `9e107d9d372bb6826bd81d3542a419d6`. MD5 produces a fixed 128-bit output (32 hex characters) from any input. It is fast, widely supported, and has been cryptographically broken for security purposes since 2004.
The Hash Result
9e107d9d372bb6826bd81d3542a419d6
You can verify this anywhere:
```bash
# Linux / macOS
echo -n "The quick brown fox jumps over the lazy dog" | md5sum
# macOS alternative
echo -n "The quick brown fox jumps over the lazy dog" | md5
```

```python
# Python
import hashlib
print(hashlib.md5(b"The quick brown fox jumps over the lazy dog").hexdigest())
```

```javascript
// Node.js
const crypto = require('crypto');
console.log(crypto.createHash('md5').update('The quick brown fox jumps over the lazy dog').digest('hex'));
```
The -n flag on echo suppresses the trailing newline. Without it, you hash a different string and get a different result.
Why MD5 Is Cryptographically Broken
The fundamental attack is a collision: two different inputs that produce the same MD5 hash. Xiaoyun Wang’s 2004 paper demonstrated this was achievable in a reasonable amount of computation. By 2008, the attack was practical enough that a team of researchers used it to forge a Certificate Authority certificate. They generated a pair of certificate signing requests that collided in MD5, got a legitimate CA to sign one, and had a valid signature that also covered the malicious certificate they had crafted. This allowed them to issue trusted SSL certificates for any domain.
The Flame malware in 2012 used the same technique to make malicious Windows updates appear signed by Microsoft. Computing the collision still took a cluster, but the technique itself was established.
What This Means in Practice
The attack that matters here is a chosen-prefix collision: an attacker can craft two documents with the same MD5 hash, where both prefixes are under the attacker’s control. This is the attack that makes certificate forgery possible. If a system trusts MD5 to verify that document A has not been replaced by document B, that trust is breakable.
Where MD5 Is Still Acceptable
MD5’s broken status applies to adversarial security contexts. Many legitimate uses do not involve an adversary trying to produce collisions:
File deduplication
Storage systems use MD5 to detect duplicate files. If an attacker can upload files with crafted MD5 collisions into your storage, that access is a much bigger problem than the hash collision risk itself. Amazon S3 accepts MD5 checksums for upload integrity over the network (bit flip detection, not adversarial verification).
Cache keys and ETags
Web servers frequently use MD5 of file content as an ETag. This is a performance optimization and an accidental deduplication mechanism, not a security guarantee.
Hash table distribution and database sharding
MD5’s output is well distributed and fast. Systems that shard data by hashing a key often use MD5 for this, with no security implication.
Legacy systems
Plenty of code still uses MD5 because it was written before the attacks were demonstrated, or because it has never needed to be changed. If you are reading a digest in a log that says MD5, the question to ask is: what is the actual trust model here?
Where MD5 Must Not Be Used
Password hashing
MD5 is too fast. An attacker with a GPU can compute billions of MD5 hashes per second. Even MD5 with a salt is breakable against a leaked database. Use bcrypt, Argon2, or scrypt, which are deliberately slow and memory-hard.
Digital signatures
Signature schemes hash the document before signing. If an attacker can craft two documents with the same hash, they can get a signature on the harmless one and apply it to the malicious one.
TLS certificates
SHA-256 has been required for certificate signatures since 2017. MD5 certificate hashing is rejected by all modern browsers.
File integrity for security downloads
If you publish a SHA-256 checksum alongside a binary, a user can verify that they downloaded exactly what you published. An MD5 checksum cannot provide this guarantee against a motivated attacker.
Comparing MD5, SHA-1, and SHA-256
| Algorithm | Output | Status |
|---|---|---|
| MD5 | 128 bits (32 hex chars) | Broken. Practical collision attacks since 2004 |
| SHA-1 | 160 bits (40 hex chars) | Broken. SHAttered collision attack demonstrated in 2017 |
| SHA-256 | 256 bits (64 hex chars) | Secure. No known weaknesses |
For non-security checksums where you only need error detection (not adversarial integrity), MD5 is adequate. For anything where an adversary might interfere, use SHA-256. See the SHA-256 hash generator for more on how SHA-256 works.
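The comparison table and the trust-model distinction above can be enforced in code. The following is an added example, not part of the original page: it infers the algorithm from the digest length and refuses MD5 or SHA-1 when tampering is in scope. The names `classify_digest`, `verify`, `ChecksumPolicyError` and the `adversarial` flag are hypothetical.

```python
import hashlib
import hmac

# Digest lengths in hex characters, taken from the comparison table above.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
# Algorithms with demonstrated collision attacks: error detection only.
COLLISION_BROKEN = {"md5", "sha1"}


class ChecksumPolicyError(ValueError):
    """The published digest is malformed or too weak for the trust model."""


def classify_digest(hex_digest: str) -> str:
    """Infer the algorithm from the digest length; reject non-hex input."""
    digest = hex_digest.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(digest))
    if algo is None or any(c not in "0123456789abcdef" for c in digest):
        raise ChecksumPolicyError(f"unrecognised digest: {hex_digest!r}")
    return algo


def verify(data: bytes, published: str, adversarial: bool = True) -> bool:
    """Check data against a published digest under an explicit trust model.

    adversarial=True  : tampering is in scope, so MD5 and SHA-1 are refused.
    adversarial=False : only accidental corruption matters; any algorithm is OK.
    """
    algo = classify_digest(published)
    if adversarial and algo in COLLISION_BROKEN:
        raise ChecksumPolicyError(f"{algo} cannot protect against tampering")
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, published.strip().lower())


if __name__ == "__main__":
    # Constructed sample input: the sentence hashed at the top of this page.
    fox = b"The quick brown fox jumps over the lazy dog"
    md5_hex = "9e107d9d372bb6826bd81d3542a419d6"
    sha256_hex = hashlib.sha256(fox).hexdigest()
    print(verify(fox, md5_hex, adversarial=False))          # bit-flip check
    print(verify(fox + b"\n", md5_hex, adversarial=False))  # trailing newline
    print(verify(fox, sha256_hex))                          # tamper-resistant
    try:
        verify(fox, md5_hex)  # MD5 offered where tampering is in scope
    except ChecksumPolicyError as exc:
        print("refused:", exc)
```

The second call shows the `echo` trailing-newline pitfall from earlier on the page as a failed verification rather than a silent mismatch.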