No. MD5 has been cryptographically broken since 2004, and by 2008 real attacks against SSL certificates had been demonstrated. For any security-sensitive application (signatures, passwords, certificates, tokens) MD5 is unsuitable. For non-security uses such as ETags or cache keys it remains acceptable.

Why is SHA-512 sometimes faster than SHA-256?

SHA-512 internally uses 64-bit words and 1024-bit blocks, while SHA-256 uses 32-bit words and 512-bit blocks. On a 64-bit CPU SHA-512 processes twice the data per instruction compared to SHA-256, so for long messages it can be 30–50% faster. On 32-bit or embedded CPUs the picture flips.

Can I "decrypt" a hash?

No, hash functions are one-way. Anything marketed as an "MD5 decoder" or "SHA-1 reverser" is actually a rainbow-table lookup or a brute-force attempt: the service has a database of hashes for known plaintexts and just searches it. For random or long inputs it does not work.

Which hash is right for passwords?

None from the MD5/SHA family. NIST SP 800-63B and OWASP recommend Argon2id (first choice), with scrypt or bcrypt as alternatives. These algorithms are deliberately slow and memory-hard, so GPUs cannot accelerate them en masse. In PHP, use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID .

What is the difference between a hash and an HMAC?

A plain hash computes a message fingerprint, while an HMAC (Keyed-Hash Message Authentication Code, RFC 2104) combines a hash with a secret key, proving integrity and authenticity at the same time. HMAC-SHA-256 powers JWT, AWS request signatures, and many API authentication schemes. Crucially HMAC is structurally safe against length-extension attacks, unlike a naive sha256(secret||message) .

Is there a 100% guarantee that two inputs have different SHA-256 hashes?

Mathematically no — with infinitely many possible inputs and only 2^256 possible outputs, collisions must exist (pigeonhole principle). Practically yes: the probability of finding a collision with random inputs is about 1 in 2^128 ≈ 3.4 × 10^38, more than the estimated number of atoms in the visible universe. No known attack meaningfully shortens that search for SHA-256.

Hash Generator

Enter text and instantly get all common hash values.

Input text

{{ __t('characters') }} · {{ __t('bytes') }}

What is an MD5 hash?

MD5 (Message-Digest Algorithm 5) is a cryptographic hash function that produces a 128-bit hash value (32 hex characters) from input data of any length. MD5 was developed by Ronald Rivest in 1991 and remains one of the most widely recognized hash functions.

Important: MD5 is now considered cryptographically broken and should no longer be used for security-sensitive applications such as password hashing or digital signatures. For these purposes, SHA-256 or SHA-512 are recommended.

Which hash algorithms are supported?

MD5 — 128-bit, 32 hex characters. Widely used for checksums, but cryptographically broken.
SHA-1 — 160-bit, 40 hex characters. Also classified as insecure since 2017.
SHA-256 — 256-bit, 64 hex characters. Part of the SHA-2 family, the current standard.
SHA-384 — 384-bit, 96 hex characters. A truncated version of SHA-512.
SHA-512 — 512-bit, 128 hex characters. The strongest SHA-2 algorithm.

Is this tool secure?

Yes. All calculations run entirely in your browser using the Web Crypto API and JavaScript. No data is sent to a server. You can inspect the source code at any time in your browser's developer tools.

Common use cases

Verify file integrity (compare checksums)
Database indexing and deduplication
Generate cache keys
API signatures and token validation

MD5 vs. SHA-1 vs. SHA-256 vs. SHA-512 — what sets the algorithms apart?

Every cryptographic hash function maps an arbitrary-length input to a fixed-length output. The key differences are output length, internal block size, and round count. MD5 (RFC 1321) processes the message in 512-bit blocks over 64 rounds and outputs 128 bits. SHA-1 (RFC 3174) also uses 512-bit blocks but 80 rounds and outputs 160 bits. SHA-256 (RFC 6234) uses 512-bit blocks and 64 rounds with 32-bit words; SHA-512 uses 1024-bit blocks over 80 rounds with 64-bit words. On 64-bit CPUs SHA-512 is therefore often faster than SHA-256.

Security-wise the picture differs sharply from what raw bit length suggests. An ideal hash function with n-bit output should require about 2^(n/2) attempts before a collision appears (birthday paradox). For MD5 that would theoretically be 2^64 — but in practice researchers have been constructing collisions in seconds on commodity hardware since 2004 (Wang et al.). SHA-1 collisions have been public since the SHAttered attack by Google/CWI in 2017 (around 2^63 operations). SHA-256 and SHA-512 still have no known practical collisions; NIST considers both safe well beyond 2030.

In practice this means: use SHA-256 as the default for integrity checks, digital signatures, HMAC, and Merkle trees. SHA-512 is worth it when you optimize throughput on 64-bit servers, or when you want HMAC-SHA-512 which is structurally less vulnerable to length-extension attacks. MD5 is acceptable only for non-security purposes such as ETag generation, Bloom filter inputs, or cache keys where an attacker cannot benefit from a collision. For passwords none of these algorithms is appropriate — that calls for bcrypt, scrypt, or Argon2id (OWASP Password Storage Cheat Sheet).

Calculating collision probability — the birthday formula

The probability of a hash collision follows the birthday approximation: p ≈ 1 − e^(−k² / (2·2^n)), where k is the number of hashed values and n the bit length. For a 50% collision probability you need roughly k ≈ 1.1774 · 2^(n/2) inputs. Concretely: with MD5 (128 bit) about 2^64 ≈ 1.8 × 10^19 hashes suffice for a 50% collision — and modern collision attacks reach that in seconds. With SHA-1 (160 bit) it is 2^80 ≈ 1.2 × 10^24. With SHA-256 (256 bit) the threshold is 2^128 ≈ 3.4 × 10^38 — astronomical and beyond any conceivable compute. So if you use SHA-256 as a key for 1 billion database rows (k = 10^9), the random collision probability is roughly 1.5 × 10^−21 — effectively zero.

Concrete examples with real hash values

You can reproduce the following values one-to-one in the input above — type the left-hand side exactly and compare with the documented hash:

MD5 of the empty string "" is d41d8cd98f00b204e9800998ecf8427e — the famous "empty MD5", often seen as a fingerprint for empty uploads.
SHA-256 of "hello" yields 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 — exactly 64 hex characters, i.e. 256 bits.
SHA-1 of "abc" is a9993e364706816aba3e25717850c26c9cd0d89d — the reference value from the SHA-1 test vector in RFC 3174, Appendix A.
SHA-512 of "password" starts with b109f3bb... and is 128 hex characters long — never store a password this way, since an attacker with rainbow tables or GPU brute force inverts it in a fraction of a second.
The infamous SHAttered pair from Google/CWI: two different PDFs sharing the same SHA-1 38762cf7f55934b34d179ae6a4c80cadccbb7f0a — the world's first practical SHA-1 collision, published in February 2017.

Limits and pitfalls when using hashes

MD5 has been cryptographically broken since 2004 (Wang/Yu, Crypto 2004) and was used in 2008 to forge SSL certificates — never use it for signatures, certificates, or passwords. SHA-1 has been broken since 2017; all major browsers rejected SHA-1 certificates by 2017 at the latest. SHA-256 and SHA-512 are vulnerable to length-extension attacks when used naively as hash(secret || message) for a MAC — use HMAC (RFC 2104) or SHA-3/Keccak instead. None of the SHA variants is suitable for passwords because they are too fast: a modern GPU computes more than 10 billion SHA-256 hashes per second. NIST SP 800-63B explicitly requires memory- and CPU-hard functions such as Argon2, scrypt, or bcrypt. Finally: hashes are not encryption. They are one-way and cannot be "decrypted" — what you find online as "MD5 decoder" is only a rainbow-table lookup of known plaintexts.

Frequently asked questions about hash functions

Is MD5 still secure?: No. MD5 has been cryptographically broken since 2004, and by 2008 real attacks against SSL certificates had been demonstrated. For any security-sensitive application (signatures, passwords, certificates, tokens) MD5 is unsuitable. For non-security uses such as ETags or cache keys it remains acceptable.
Why is SHA-512 sometimes faster than SHA-256?: SHA-512 internally uses 64-bit words and 1024-bit blocks, while SHA-256 uses 32-bit words and 512-bit blocks. On a 64-bit CPU SHA-512 processes twice the data per instruction compared to SHA-256, so for long messages it can be 30–50% faster. On 32-bit or embedded CPUs the picture flips.
Can I "decrypt" a hash?: No, hash functions are one-way. Anything marketed as an "MD5 decoder" or "SHA-1 reverser" is actually a rainbow-table lookup or a brute-force attempt: the service has a database of hashes for known plaintexts and just searches it. For random or long inputs it does not work.
Which hash is right for passwords?: None from the MD5/SHA family. NIST SP 800-63B and OWASP recommend Argon2id (first choice), with scrypt or bcrypt as alternatives. These algorithms are deliberately slow and memory-hard, so GPUs cannot accelerate them en masse. In PHP, use password_hash() with PASSWORD_BCRYPT or PASSWORD_ARGON2ID.
What is the difference between a hash and an HMAC?: A plain hash computes a message fingerprint, while an HMAC (Keyed-Hash Message Authentication Code, RFC 2104) combines a hash with a secret key, proving integrity and authenticity at the same time. HMAC-SHA-256 powers JWT, AWS request signatures, and many API authentication schemes. Crucially HMAC is structurally safe against length-extension attacks, unlike a naive sha256(secret||message).
Is there a 100% guarantee that two inputs have different SHA-256 hashes?: Mathematically no — with infinitely many possible inputs and only 2^256 possible outputs, collisions must exist (pigeonhole principle). Practically yes: the probability of finding a collision with random inputs is about 1 in 2^128 ≈ 3.4 × 10^38, more than the estimated number of atoms in the visible universe. No known attack meaningfully shortens that search for SHA-256.