MD5 password: how to hash a password and when MD5 is wrong
"MD5 password" usually means one of two reader jobs: hash a known password string into a 32-hex fingerprint, or recover the original password from a hash. The first is a one-shot job an MD5 converter handles in seconds. The second is impossible in general - and for real password storage, MD5 is the wrong primitive entirely.
Last reviewed: 2026-05-23
| Reader intent behind "MD5 password" | What MD5 actually does | Where to go |
|---|---|---|
| "Hash my password string into MD5 so I can store or compare it" | One-shot hashing of text up to 990 characters into a 32-hex digest. Same input always yields the same output. | https://freetoolonline.com/developer-tools/md5-converter.html (To MD5 button) |
| "I have an MD5 hash and want the original password" | Not possible by design. A dictionary lookup may succeed if the same string was previously paired - it will fail for any input the dictionary has never seen. | When MD5 lookup actually works |
| "I am storing user passwords in a database" | Wrong primitive. MD5 is fast and unsalted by default, both properties that make offline brute-force feasible on modern hardware. | Pick bcrypt, argon2id, or scrypt |
| "I need a fingerprint of a config string or short payload" | MD5 is acceptable for non-adversarial fingerprints: cache keys, dedup IDs, ETags, short integrity checks. | https://freetoolonline.com/developer-tools/md5-converter.html (To MD5 button) |
| "Why can the website not give me the original back?" | MD5 is a one-way trapdoor function. The math walkthrough explains why no inverse exists. | Why MD5 cannot be decrypted |
How to hash a password string with MD5
Open the MD5 converter, paste your password string into the top text area, and click the To MD5 button. A 32-hex digest appears immediately - the same input always produces the same output, which is why MD5 works as a fingerprint. The text area accepts up to 990 characters, which covers any realistic password length plus an optional salt prefix you concatenate by hand before hashing. The result is suitable for non-adversarial uses like dedup keys, cache identifiers, and short integrity checks where you just need a stable short identifier for a longer string. The original password text never appears in the digest - the 128-bit output is a one-way fingerprint, not an encrypted form of the input.
Why MD5 is the wrong tool for storing user passwords
Password storage is an adversarial context: an attacker who steals the password database tries to recover plaintext passwords for the stolen hashes. MD5 fails badly at this job for two reasons. First, MD5 is fast - a single modern GPU computes billions of MD5 digests per second, which means a stolen database of MD5-hashed passwords can be brute-forced against a dictionary of common passwords in hours, not centuries. Second, MD5 has no built-in salt: identical passwords across users produce identical digests, so a single dictionary lookup attacks every user with the same password at once. The fix is not to "stronger MD5" - the fix is to switch to a primitive built for password storage. Bcrypt, argon2id, and scrypt are deliberately slow (configurable work factors that scale with hardware) and require per-user salts by construction. The dedicated alternatives guide explains which one fits which web login, API key, or token flow.
What "MD5 password" lookup sites actually do
Sites that claim to "decrypt MD5 password" or "reverse MD5" do not run MD5 backwards - no such operation exists. What they actually do is look the 32-hex hash up in a precomputed dictionary of strings that have been hashed before. The lookup succeeds when the password is common enough to appear in the dictionary (most top-10000 password lists are exhaustively pre-hashed) and fails for any password unique enough that no one has hashed it before. The MD5 converter on this site exposes the same lookup as its To Text button - paste a 32-hex hash, click the button, and the dictionary returns the matching plaintext if a pair exists. The lookup is a fingerprint match against historical data, not a cryptographic reverse computation. For unique or random passwords the dictionary returns nothing - that is the expected behaviour, not a bug.
When MD5 of a password is acceptable
Outside of authentication, MD5 of a password-shaped string can be a reasonable choice. If you need a stable short identifier for a long string - the cache key for a tenant-scoped API endpoint, the dedup ID for a job queued by user submission, the ETag for a small text payload - MD5 fits because it is fast and produces a fixed-width 32-hex string. The properties that make MD5 unsafe for authentication (speed, no salt) are exactly the properties that make it useful for fingerprinting. The rule of thumb: if an attacker who guesses the input would gain something from a successful guess, do not use MD5. If the input is operationally non-secret and you just need a short stable identifier, MD5 is fine.
Frequently asked questions
Can I MD5 a password and use the result as the stored password?
You can technically do this, but you should not. A stolen MD5 password database is functionally equivalent to a plaintext password database for any common password, because GPU brute force against a dictionary recovers most of them in hours. Use bcrypt, argon2id, or scrypt instead - they are designed for this job.
Is MD5 of "password" the same on every site?
Yes. MD5 is a deterministic function: the same input always produces the same 32-hex digest. The MD5 of "password" is 5f4dcc3b5aa765d61d8327deb882cf99 on every site, in every tool, in every language - that is exactly the property that makes unsalted MD5 unsafe for password storage and useful for fingerprinting.
How do I add a salt before MD5-hashing a password?
Concatenate the salt string with the password string before pasting into the converter: salt + password or password + salt, your choice. The resulting hash is salted in the sense that the same password with a different salt produces a different digest. But this is still MD5 - salt only blocks the dictionary attack, not the brute-force attack on the salted pair itself. Use bcrypt or argon2id, which combine salt and slow work factor in one primitive.
The "decrypt" button on the MD5 converter returned my password - is MD5 broken?
No. The To Text lookup returned a match because your password was previously paired with that hash in the dictionary. If you paste a password no one else has hashed - a random 12-character string, for example - the lookup returns nothing. The "decrypt" wording is convenient shorthand for the lookup operation; the cryptography itself is still one-way.
What length of password makes MD5 lookup fail?
Any password long and random enough that no dictionary has it. In practice, a fully random 12-character password from a 70-character alphabet has roughly 2^74 possible values - far beyond any practical dictionary. A 6-character password from the lowercase alphabet has 26^6 about 309 million values, which fits comfortably in a precomputed dictionary. Length and randomness, not the choice of MD5 vs SHA-256, determine whether the lookup succeeds.