KonverterTeks

What is a hash? MD5, checksums and why you don't hash passwords with it

Published June 13, 2026

A hash function takes any input — a word, a file, a whole database — and produces a short, fixed-length string called a hash or digest. MD5 always produces 32 hexadecimal characters, whether you feed it one letter or a gigabyte of video. The same input always gives the same output, but the tiniest change to the input scrambles the result completely. That combination is what makes hashing so useful.

Hashing is one-way

Unlike encoding or encryption, a hash cannot be reversed. There is no key that turns the digest back into the original input, because hashing throws information away — many different inputs map to the same fixed-size output. This one-way property is the point: you can prove you know a value by showing its hash, without ever revealing the value itself.

What MD5 is still good for

MD5 is fast and remains perfectly fine as a checksum — a way to detect accidental changes. Download a large file and compare its MD5 against the one the publisher listed; if they match, the file almost certainly arrived intact. It is also handy for spotting duplicate files and as a quick non-security fingerprint or cache key. For catching honest mistakes and corruption, MD5 still earns its keep.

Why never for passwords or security

MD5 is broken for any security use. Researchers can deliberately craft two different inputs that produce the same hash — a collision — which destroys its value for verifying authenticity. And because it is so fast, an attacker can guess billions of passwords per second, hashing each one to compare against a stolen MD5. Modern password storage uses slow, salted algorithms like bcrypt or Argon2 designed specifically to resist this.

  • Good MD5 uses: file checksums, duplicate detection, cache keys, non-security fingerprints.
  • Never use MD5 for: passwords, digital signatures, or anything an attacker would want to forge.
  • For security today, use SHA-256 for integrity and bcrypt or Argon2 for passwords.

You can build intuition with our MD5 generator: hash a word, change a single letter, and watch the entire digest change. Then compare it with Base64, which looks similar but is fully reversible — a side-by-side reminder that a hash and an encoding solve opposite problems. Both run locally, so whatever you type stays on your device.

All articles