MD5, the Message Digest 5 algorithm, is a widely known hash function that produces a 128-bit value, usually displayed as a 32-character hexadecimal string. Designed in the early 1990s, it was once a standard choice for verifying data integrity and storing password hashes. Its speed and ubiquity made it enormously popular across software, databases, and file distribution.
MD5's cryptographic security is thoroughly broken. Researchers demonstrated practical collision attacks — creating two different inputs that produce the same MD5 hash — years ago, and these attacks have since become fast and easy. This means MD5 can no longer be trusted for anything security-sensitive: digital signatures, certificate integrity, or password storage are all unsafe with MD5.
Despite being broken for security, MD5 remains useful for non-adversarial purposes where you only need to detect accidental changes or deduplicate data. Verifying that a large file downloaded without corruption, generating cache keys, or checking whether two files are identical are all legitimate uses, because these scenarios do not involve an attacker deliberately engineering a collision.
For any security context, MD5 should be replaced. Use SHA-256 or another member of the SHA-2 family for integrity and signatures, and use bcrypt, scrypt, or Argon2 for passwords. When you encounter MD5 in legacy systems, treat its hashes as fingerprints for accidental-error detection only, never as a guarantee against intentional tampering.