Why You Should Never Use MD5 for Passwords

Storing passwords with MD5 is one of the most common — and most dangerous — security mistakes. Here's why, and what to do instead.

Reason 1: MD5 is broken

MD5 has known collision attacks. It was never designed to withstand modern attackers and should be considered cryptographically dead.

Reason 2: fast hashes are the wrong tool

Even a secure fast hash like SHA-256 is wrong for passwords. The problem is speed. MD5 and SHA-256 are built to be fast, which means an attacker with a stolen database can try billions of guesses per second on a GPU.

Password hashing should be deliberately slow to make brute-forcing impractical.

Reason 3: no salt by default

Without a unique random salt per password, identical passwords produce identical hashes, and attackers can use precomputed "rainbow tables" to reverse them instantly.

What to use instead

Purpose-built password hashing functions:

  • argon2 — the modern recommendation (winner of the Password Hashing Competition).
  • bcrypt — battle-tested and widely available.
  • scrypt — memory-hard, also solid.

These are intentionally slow, salt automatically, and let you tune the cost as hardware improves.
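
The three properties above (a unique salt per password, deliberate slowness, tunable cost), shown with scrypt from Python's standard library next to unsalted MD5 for contrast. This is an added example, not code from the original page; the `scrypt$n$r$p$salt$hash` record format, the cost values and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Assumed cost parameters for this example; tune them for your hardware.
N, R, P = 2**14, 8, 1

def md5_hex(password: str) -> str:
    """Unsalted fast hash: the pattern the article warns against."""
    return hashlib.md5(password.encode()).hexdigest()

def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # scrypt needs about 128*n*r bytes; allow twice that as headroom.
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r, dklen=32)

def hash_password(password: str, n: int = N, r: int = R, p: int = P) -> str:
    """Return 'scrypt$n$r$p$salt$hash' with a fresh random salt."""
    salt = os.urandom(16)
    digest = _scrypt(password, salt, n, r, p)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(digest)}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, compare in constant time."""
    try:
        scheme, n, r, p, salt, digest = stored.split("$")
        if scheme != "scrypt":
            return False
        salt, digest = base64.b64decode(salt), base64.b64decode(digest)
        candidate = _scrypt(password, salt, int(n), int(r), int(p))
    except ValueError:  # malformed record or invalid parameters
        return False
    return hmac.compare_digest(candidate, digest)

def needs_rehash(stored: str, n: int = N, r: int = R, p: int = P) -> bool:
    """True when the record's cost parameters differ from the current ones."""
    return stored.split("$")[1:4] != [str(n), str(r), str(p)]

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(md5_hex(pw) == md5_hex(pw))    # same password, same MD5 hash
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("guess", a))
```

Calling `needs_rehash` after a successful login lets you raise the cost over time: rehash the password the user just supplied with the new parameters and overwrite the stored record.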

The rule

  • Passwords → bcrypt or argon2, never MD5/SHA.
  • File integrity, checksums → SHA-256 is fine. See "What is a hash function".

Note

The hash generator is great for checksums and learning — but real password storage belongs in a proper auth library using bcrypt or argon2.
