Java MD5 Hashing Example
The MD5, defined in RFC 1321, is a hash algorithm to turn inputs into a fixed 128-bit (16 bytes) length of the hash value.
Note
MD5 is not collision-resistant – Two different inputs may producing the same hash value. Read this MD5 vulnerabilities. There are many fast and secure hashing algorithms like SHA3-256 or BLAKE2; For password hashing, we can use Bcrypt or Argon2. If possible, do not use MD5 in any security-related cryptography tasks.
In Java, we can use MessageDigest
to generate the MD5
algorithm.
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] result = md.digest(input);
1. Java MD5 Hashing
This Java example uses MD5
to produce a hash value from a String.
package com.mkyong.crypto.hash;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class MD5Utils {
private static final Charset UTF_8 = StandardCharsets.UTF_8;
private static final String OUTPUT_FORMAT = "%-20s:%s";
private static byte[] digest(byte[] input) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(e);
}
byte[] result = md.digest(input);
return result;
}
private static String bytesToHex(byte[] bytes) {
StringBuilder sb = new StringBuilder();
for (byte b : bytes) {
sb.append(String.format("%02x", b));
}
return sb.toString();
}
public static void main(String[] args) {
String pText = "Hello MD5";
System.out.println(String.format(OUTPUT_FORMAT, "Input (string)", pText));
System.out.println(String.format(OUTPUT_FORMAT, "Input (length)", pText.length()));
byte[] md5InBytes = MD5Utils.digest(pText.getBytes(UTF_8));
System.out.println(String.format(OUTPUT_FORMAT, "MD5 (hex) ", bytesToHex(md5InBytes)));
// fixed length, 16 bytes, 128 bits.
System.out.println(String.format(OUTPUT_FORMAT, "MD5 (length)", md5InBytes.length));
}
}
Output
Input (string) :Hello MD5
Input (length) :9
MD5 (hex) :e5dadf6524624f79c3127e247f04b548
MD5 (length) :16
Try another String, for example, Hello MD5 Hello MD5
. The input length varies, but the output of the MD5 hash value is still 128 bits, 16 bytes.
Output
Input (string) :Hello MD5 Hello MD5
Input (length) :19
MD5 (hex) :6219b1bc3542949e012616059409f1cc
MD5 (length) :16
2. Java MD5 File Checksum.
For the file checksum, the ideas are the same, but we need some extra IO classes to handle the input stream.
Here is a text file.
Hello MD5
This Java program will generate an MD5 file checksum from a file.
package com.mkyong.crypto.hash;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class MD5Utils {
private static final Charset UTF_8 = StandardCharsets.UTF_8;
private static final String OUTPUT_FORMAT = "%-20s:%s";
private static byte[] checksum(String filePath) {
MessageDigest md;
try {
md = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException(e);
}
try (InputStream is = new FileInputStream(filePath);
DigestInputStream dis = new DigestInputStream(is, md)) {
while (dis.read() != -1) ; //empty loop to clear the data
md = dis.getMessageDigest();
} catch (IOException e) {
throw new IllegalArgumentException(e);
}
return md.digest();
}
private static String bytesToHex(byte[] bytes) {
StringBuilder sb = new StringBuilder();
for (byte b : bytes) {
sb.append(String.format("%02x", b));
}
return sb.toString();
}
public static void main(String[] args) {
String file = "c:\\test\\readme.txt";
System.out.println(String.format(OUTPUT_FORMAT, "Input (file) ", file));
System.out.println(String.format(OUTPUT_FORMAT, "MD5 (checksum hex) ", bytesToHex(checksum(file))));
}
}
Output
Input (file) :c:\test\readme.txt
MD5 (checksum hex) :e5dadf6524624f79c3127e247f04b548
3. Apache Commons Codec
This example uses the commons-codec
library to generate the MD5 hash value.
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.14</version>
</dependency>
3.1 MD5 hash value from a String.
import org.apache.commons.codec.digest.DigestUtils;
String pText = "Hello MD5";
System.out.println(DigestUtils.md5Hex(password));
Output
e5dadf6524624f79c3127e247f04b548
3.2 MD5 hash value from a File.
try (InputStream is = new FileInputStream("c:\\test\\readme.txt")) {
String checksum = DigestUtils.md5Hex(is);
System.out.println(checksum);
} catch (IOException e) {
e.printStackTrace();
}
Output
e5dadf6524624f79c3127e247f04b548
Download Source Code
$ git clone https://github.com/mkyong/core-java
$ cd java-crypto
Hello,
Can you give example of the reduction function for reducing the hash n times? For understanding of how to implement rainbow-tables.
I cannot find anywhere on internet that gives a clear consise code of reducing hash for use again into the MD-hash function.
Regards
Also if to do rainbow table, would you use treeMap to sort by hash and original world?
Hello,
can we have example of reductions of the hash?
How would be store the start and end-hash? Would we use a treeMap so we can sort by hash?
Thanks!
love ur site!
You forgot to close FileInputStream.
Hi .. The string method above isn’t working fine if the string contains a £ sign, don’t know why. On other hand, the function provided in this link http://www.asjava.com/core-java/java-md5-example/ did work fine with £. May be it is something you might be interested to look into.
The world is a fast-changing place. Check out Apache Shiro’s cryptography capabilities.
https://www.youtube.com/watch?v=5ZepGFzYHpE
Hi!!! I really unable to understand why you had
Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1)
instead of
Integer.toString((byteData[i] & 0xff), 16)
If it is just for padding zeros you could have checked the length and added a zero. May be I am missing the whole point. Can you pelase help me understand?
Yes, it’s for padding, and It’s just easier syntax than introducing conditional branching.
hello sir,
i want a simple java code to calculate md5 of any input i give from a keyboard
I have 100 file (which are not stored on my computer)that are located on a server and I have path to each one of them, I need a code to calculate the MD5 of each one of the and store it in an excel sheet individually.
Dear Sir,
in this example (ff) variable showing some errors.how to rectify the error. thank you sir.the error was ff cannot be resolved to a variable.
md5 is useful when hashing filenames for some reason. I’ll use this snippet of code to hash imagefile names, it’s temporary for a few weeks and than I’ll remove them. The advantage is that this hash method is less cpu intensive and the chances to have the same hash values are very very small. Furthermore, this is a nice simple example, so using a sha-1 instead of md5 is almost the same. Thank you for your snippet 🙂
Hello, I am wondering why you would use MD5, an algorithm thats has already been broken instead of something like GrandCentral which creates a password digest based on the time of day using SHA-512. GrandCentral also includes the SimpleCrypto class which can generate hashes and checksums using MD5, SHA1, SHA-256, SHA-384 and SHA-512. Just a suggestion. http://code.google.com/p/grandcentral/
MD5 is not broken, it has chance (really small percentage to generate same hash), SHA is always recommended. But, due to the popularity of MD5, many are still using it. This is an example to show you how to use MD5 in Java, again SHA is always recommended. And thanks for your suggested GrandCentral library, it look promising 🙂
Yes, I’m sorry for my poor use of words. I meant that yes it is widely uses do to it’s popularity but there is still a better chance of cracking an MD5 hash rather than an SHA hash. Also thank you for your comment about GrandCentral I am developing it to provide developers with and easy to use tool that they can rely on to perform certain tasks easily. I will be updating later this weekend to v1.2 if you are interested.
sir,
give me suggestion for password hashing using md 5 algorithm in java.
Been moving towards always using SHA hashing myself, especially with recent CPU processor support/improvements being added each generation. Trusty old MD5 doesn’t let down most of the time though.
ya, SHA is recommended because MD5 will causing the collision issue (same checksum for different files).
thank you soo much brother. you are the best.
alguien me dice como desencriptar esta clave E67480325049070253
My friend, thank you very much from Russia !!!!
for (int i = 0; i < byteData.length; i++) {
sb.append(String.format("%02x", byteData[i]));
}
What is the point to generate md5 hash of a password if that cant be reversed?
You save the generated md5 hash in a file or any other method, If someone fojnd it, s/he wont be able to get the original password (except by brute force) … anyway, when you or anyone else enter the password, you hash the entered password and compare it to the md5 you generated previously.
so in breif, instead of comparing the explict passwords to check if they match, you check theirs hashs.
but if i do it over some file it works correctly but if i change its path or location of file its hash changes why me not able to fix this error
Its giving a different hash every time with the same input file which should not be the case with MD5 algorithm. I think there is some problem in this code
What about if you use this:
sb.append(String.format(“%02X”, buffer[i]));
😉
new BigInteger(1, md.digest()).toString(16) should save the loop using stringBuffer
Is there any way convert the digested “e10adc3949ba59abbe56e057f20f883e” key to original password “123456”. If you know please let us know.
Thanks
Wilson.
MD5 is one way digest algorithm, this means that you are not supposed/allowed to convert the hash back to text. I would not suggest you to go with Rainbow tables since you would then have to secure and manage the rainbow table itself, besides the bigger the table gets the higher the seek time gets and is therefore not effective. If you want to encrypt text so that it can be converted back to original text you can try base64encoding with secret key.
You can do this by generating a rainbow table and then comparing the hash with original text. However longer texts will not give the correct output for obvious reasons..!
Idiot.