ToolAct

File MD5 Verification Tool

Calculate the MD5 hash of a file and verify its integrity

What is File MD5?

MD5 (Message-Digest Algorithm 5) is a widely used hash algorithm that maps any file content to a fixed-length 128-bit digest, written as 32 hexadecimal characters. Any tiny change in file content produces a completely different MD5 value. The File MD5 Verification Tool is commonly used to verify file integrity: to check quickly whether a file stayed unchanged or matches a published checksum, ensuring it has not been tampered with or corrupted during transfer or download.

The algorithm is fast and widely supported, but known collision attacks mean it is no longer suitable for cryptographic trust decisions. MD5 may still appear in legacy download checks, simple duplicate detection, or compatibility workflows. For security-relevant integrity verification, SHA-256 or stronger algorithms should be preferred, and checksums should be obtained from a trusted source.

How to Use

  1. Click the upload area or drag a file onto the page
  2. Click the 'Calculate MD5' button
  3. Wait for the calculation to complete and view the MD5 value
  4. You can enter a known MD5 value in the verify section to compare

Verification Limits

  • MD5 is useful for quick file identity checks, but it is not collision-resistant enough for security-sensitive verification.
  • For downloads or releases, compare hashes from a trusted source and prefer SHA-256 when available.

Use Cases

Generate a legacy MD5 checksum for a file

Select a file and calculate its 128-bit MD5 with progress feedback, then copy the lowercase hexadecimal digest for systems that still require this legacy checksum. The file is read into a Blob and hashed entirely inside the browser - it is never uploaded, so the calculation works on private documents or vendor samples without sending the content anywhere.

Compare a file against an expected MD5

Paste a known MD5 value and verify whether the generated 32-character digest matches. That covers transfer checks, vendor requirements, duplicate detection, and old release archives that still publish MD5 values. Use stronger algorithms when the checksum affects trust or security - MD5's known collision attacks make it unsuitable for tamper evidence.

Avoid using MD5 as a security guarantee

The tool fits compatibility work and fast integrity checks, but MD5 has been collision-broken since Wang Xiaoyun's 2004 attack, and the 2012 Flame malware demonstrated real-world MD5 collision forgery against Microsoft code signatures. For security-sensitive verification, switch to the file-hash tool with SHA-256 or stronger. The local-only design keeps the file content on your device - only the digest moves between the page and the comparison field.

Match MD5 against mirror downloads

Open-source mirrors and older firmware pages still publish MD5 sums for each release. Generate the 32-character digest for the downloaded file and confirm it matches the listed string before flashing a device or installing the artifact. Lowercase versus uppercase hex is a frequent silent mismatch, so the comparison is done on normalized form.

Step up to SHA-256 for anything trust-related

MD5 is fine for spotting accidental corruption (a flipped bit still produces a totally different 128-bit digest), but the same digest can be forged by an attacker. Switch to the SHA-256 or SHA-512 option whenever the checksum comes from a third party and the file is used in production - SHA-256 is collision-resistant and remains the standard for signed releases.

Technical Principle

MD5 is the Message-Digest Algorithm 5 defined in RFC 1321 (Ron Rivest, 1992). It produces a 128-bit / 16-byte digest displayed as 32 hexadecimal characters. The algorithm follows the Merkle-Damgård construction: the input is padded so its bit length is congruent to 448 mod 512 (a single 1 bit followed by zeros), the original length is appended as a 64-bit little-endian integer, and the padded message is split into 512-bit blocks. Each block updates a 128-bit internal state (A, B, C, D) initialized to the constants A = 0x67452301, B = 0xEFCDAB89, C = 0x98BADCFE, D = 0x10325476, by running 64 rounds in four groups of 16 that apply the bitwise functions F(x,y,z) = (x AND y) OR ((NOT x) AND z), G(x,y,z) = (x AND z) OR (y AND (NOT z)), H(x,y,z) = x XOR y XOR z, and I(x,y,z) = y XOR (x OR (NOT z)), each combined with a per-round constant T[i] = floor(2^32 * abs(sin(i+1))) and a left rotation. The final state concatenated little-endian is the digest. The MD5 of the empty input is d41d8cd98f00b204e9800998ecf8427e and is a useful sanity check.

Web browsers do not expose MD5 through crypto.subtle (the W3C Web Crypto specification deliberately omits it because of collision attacks), so this tool uses a pure-JavaScript MD5 implementation that runs entirely in the browser. The file is loaded into memory as an ArrayBuffer and the 16-byte digest is computed in one pass and rendered as 32 lowercase hexadecimal characters. Because the work runs on the main thread, hashing a multi-gigabyte file ties up that thread until the digest is ready; for very large files prefer a desktop tool that streams the bytes from disk.

MD5 is cryptographically broken for collision resistance. Wang Xiaoyun and Yu Hongbo published the first practical collision attack in 2004 (CRYPTO 2005), reducing collision cost to about 2^39 operations. In 2008 Sotirov et al. used chosen-prefix collisions to forge a rogue intermediate CA certificate, and in 2012 the Flame state-level malware used a previously unknown chosen-prefix MD5 collision to forge a Microsoft Terminal Server Licensing code-signing certificate. NIST disallowed MD5 for digital signatures in SP 800-131A in 2011; CMU CERT issued vulnerability note VU#836068 calling MD5 'unsuitable for further use'. MD5 is still acceptable for accidental-corruption detection (a flipped bit still flips ~64 of the 128 output bits via the avalanche property) and duplicate-file detection on trusted inputs, but it must not be used where an attacker controls or can predict either input.

  • MD5 produces a 128-bit / 16-byte digest, encoded as 32 lowercase hexadecimal characters; specified in RFC 1321 (Rivest, 1992).
  • Initial state constants A = 0x67452301, B = 0xEFCDAB89, C = 0x98BADCFE, D = 0x10325476; 64 rounds in four groups of 16 using the F/G/H/I bitwise functions and per-round constants T[i] = floor(2^32 * |sin(i+1)|).
  • MD5 of the empty input is d41d8cd98f00b204e9800998ecf8427e - a quick sanity check that the hashing pipeline returns a valid digest.
  • Browsers do not expose MD5 via crypto.subtle (W3C Web Crypto omits it on purpose); this tool uses a pure-JavaScript MD5 implementation that loads the file as an ArrayBuffer, computes the 16-byte digest in one pass, and renders it as 32 lowercase hex characters.
  • Memory profile: the whole file content is read into a single ArrayBuffer before hashing, so multi-gigabyte files require corresponding browser-tab memory; for files larger than your tab can hold, use a desktop tool (md5sum, certutil -hashfile, Get-FileHash) that streams from disk.
  • Collision attacks: Wang and Yu (2004) ~2^39 ops; Sotirov et al. (2008) chosen-prefix collision used to forge a rogue CA cert; Flame malware (2012) used a chosen-prefix collision to forge a Microsoft code-signing certificate.
  • NIST SP 800-131A disallowed MD5 for digital signatures in 2011; MD5 is acceptable for non-adversarial integrity checks and duplicate detection only - switch to SHA-256 or stronger whenever the checksum affects trust.

Examples

Empty file MD5 (well-known constant)

File: empty.txt (0 bytes)

MD5: d41d8cd98f00b204e9800998ecf8427e

This value is the MD5 of an empty input -> a quick sanity
check that the hashing pipeline works end to end.

(RFC 1321 reference vector for the empty string.)

Verify a downloaded installer

File: setup.bin (3 bytes, contents: abc)
Computed MD5:  900150983cd24fb0d6963f7d28e17f72
Vendor MD5:    900150983cd24fb0d6963f7d28e17f72

Match -> file copied or downloaded correctly.
Mismatch -> re-download, the bytes were corrupted in transit.

(The MD5 value is the RFC 1321 reference vector for the 3-byte
input 'abc'. Replace the input with the real installer in
practice; the algorithm output is deterministic.)

Compare two document versions

report-v1.txt  (0 bytes)  -> MD5: d41d8cd98f00b204e9800998ecf8427e
report-v2.txt  (3 bytes, contents: abc)
                               -> MD5: 900150983cd24fb0d6963f7d28e17f72

Different hashes = different content. Even a one-character change
gives a fully different MD5, which is how integrity checks work.

(Both values are RFC 1321 MD5 reference vectors.)

Hello world string vs file

MD5("hello")    = 5d41402abc4b2a76b9719d911017c592
MD5("hello\n")  = b1946ac92492d2347c6235b4d2611184

A trailing newline changes the digest, so a file named hello.txt
with that content but no final \n matches the first line, and
one saved with a final \n matches the second line. This is a
common gotcha when comparing against a published MD5 that was
produced on a different operating system.

FAQ

Is the file uploaded to a server?

No. MD5 is computed locally in your browser using the File API. The bytes are read into memory in chunks and hashed without leaving the device. You can confirm in the Network tab while running the hash.

Is MD5 still safe to use?

Not for security. MD5 has been broken since 2004 - collisions can be generated quickly, so it must not be used for digital signatures, password storage, or anti-tamper checks. It remains useful as a quick checksum to detect accidental corruption (download mistakes, disk errors).

Why do I sometimes see lowercase and sometimes uppercase MD5?

MD5 produces 128 bits = 16 bytes = 32 hex characters. Whether those hex characters are written in upper or lowercase is purely a display choice; the underlying bytes are identical and any verifier should compare case-insensitively.

How big a file can I hash here?

Modern desktop browsers handle several GB before they run out of memory. Mobile browsers are tighter - hundreds of MB is typical. For very large files use a system command (md5sum on Linux, certutil -hashfile on Windows, md5 on macOS), which streams from disk.

Why does my MD5 differ from another tool's output?

Almost always because the input is different by a byte: different line endings (CRLF vs LF), a UTF-8 BOM, trailing whitespace, or a different file version. The hash itself is deterministic, so identical input produces identical output across all conforming MD5 implementations.

What's the difference between MD5 of text and MD5 of a file?

MD5 hashes bytes, not characters. 'MD5 of text' first encodes the string (commonly as UTF-8) and then hashes those bytes; 'MD5 of a file' reads the file's bytes directly. The same string saved as UTF-8 versus UTF-16 will produce different MD5 values.
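
The byte-level causes named in the two answers above, together with the trailing-newline example and the case-insensitive comparison, can be checked mechanically. The following is an added example in Python, not part of the tool; normalize_md5, byte_variants and explain are names chosen here, and it tests whether a published MD5 was computed over the same content with one such difference.

```python
import hashlib
import re

BOM = b"\xef\xbb\xbf"
MD5_HEX = re.compile(r"\b[0-9a-fA-F]{32}\b")


def normalize_md5(published: str) -> str:
    """Extract a 32-hex-digit MD5 from a bare value, md5sum line or BSD-style line."""
    found = MD5_HEX.search(published)
    if found is None:  # e.g. a 64-digit SHA-256 value was pasted instead
        raise ValueError("no 32-character hexadecimal MD5 value found")
    return found.group(0).lower()


def byte_variants(data: bytes):
    """Yield (cause, bytes): the same content with one byte-level difference."""
    lf = data.replace(b"\r\n", b"\n")
    yield "LF line endings", lf
    yield "CRLF line endings", lf.replace(b"\n", b"\r\n")
    yield "no final newline", data.rstrip(b"\r\n")
    yield "an added final newline", data + b"\n"
    yield "no UTF-8 BOM", data[len(BOM):] if data.startswith(BOM) else data
    yield "a leading UTF-8 BOM", BOM + data
    try:
        yield "UTF-16LE text encoding", data.decode("utf-8").encode("utf-16-le")
    except UnicodeDecodeError:
        pass  # not UTF-8 text, so there is no re-encoding to try


def explain(data: bytes, published: str):
    """Return ("match", None), ("variant", cause) or ("different", None)."""
    want = normalize_md5(published)
    if hashlib.md5(data).hexdigest() == want:
        return ("match", None)
    for cause, candidate in byte_variants(data):
        if hashlib.md5(candidate).hexdigest() == want:
            return ("variant", cause)
    return ("different", None)


if __name__ == "__main__":
    # Constructed inputs that reuse the "hello" vectors from this page.
    print(explain(b"hello\n", "5D41402ABC4B2A76B9719D911017C592"))
    print(explain(b"hello", "b1946ac92492d2347c6235b4d2611184  hello.txt"))
```

A "variant" result means the published value was computed over a copy that has the named property; "different" means none of these single causes accounts for the mismatch and the content itself differs.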

Can I use MD5 to detect duplicate files?

Yes, with the caveat that MD5's known collisions mean a malicious actor could craft two different files with the same MD5. For accidental duplicate detection (photos, downloads), MD5 is fast and reliable enough. For trustworthy deduplication, use SHA-256.