Share via

How do I calculate a MD5 hash from a string?

  • Article
  • 10/09/2006

It is a common practice to store passwords in databases using a hash. MD5 (defined in RFC 1321) is a common hash algorithm, and using it from C# is easy.

Here’s an implementation of a method that converts a string to an MD5 hash, which is a 32-character string of hexadecimal numbers.

 public string CalculateMD5Hash(string input)
{
    // step 1, calculate MD5 hash from input
    MD5 md5 = System.Security.Cryptography.MD5.Create();
    byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
    byte[] hash = md5.ComputeHash(inputBytes);
 
    // step 2, convert byte array to hex string
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < hash.Length; i++)
    {
        sb.Append(hash[i].ToString("X2"));
    }
    return sb.ToString();
}

An example call:

 string hash = CalculateMD5Hash("abcdefghijklmnopqrstuvwxyz");

…returns a string like this:

 C3FCD3D76192E4007DFB496CCA67E13B

To make the hex string use lower-case letters instead of upper-case, replace the single line inside the for loop with this line:

 sb.Append(hash[i].ToString("x2"));

The difference is the ToString method parameter.

[author: Jani Järvinen, C# MVP]

Comments

  • Anonymous
    October 09, 2006
    Also you can use FormsAuthentication.HashPasswordForStoringInConfigFile(string, "MD5"), The class is located in System.Web.Security namespace.

  • Anonymous
    October 15, 2006
    The team needs your help debugging the new Visual Studio 2005 Service Pack 1 Beta . I've written about

  • Anonymous
    September 23, 2007
    Summary Gravatar (Globally Recognized Avatar) provides a simple way to add avatars to community based

  • Anonymous
    November 03, 2009
    The comment has been removed

  • Anonymous
    October 05, 2010
    You shouldn't be converting to ASCII as this loses information. In fact, any of the other currently existing encodings from System.Text.Encoding would have been fine.

  • Anonymous
    October 06, 2010
    I have to agree with Rik, suggesting ASCII decoding is not what I would expect from CSharpFAQ. Also noting that MD5 is not the securest choice would not hurt.

  • Anonymous
    December 16, 2010
    can someone please decrypt for me 44edff8f24d01ed30f591f0a1fb6890d and email me @ crosby.samantha@gmail.com when you have the results

  • Anonymous
    December 21, 2010
    Hi Samantha, I decrypted 44edff8f24d01ed30f591f0a1fb6890d and it says: "Are you really that stupid Samantha? Seriously – do us all a favor and unplug your computer now! You are so stupid, that you try to drown fish. You are so dumb, blondes tell jokes about you."

  • Anonymous
    April 21, 2011
    The comment has been removed

  • Anonymous
    October 28, 2011
    The comment has been removed

  • Anonymous
    April 08, 2012
    could you tell me what it means? 16e68521ce378acce7e8e4f72e9270c7 thank you! please help me, it's important for me!

  • Anonymous
    April 26, 2012
    this is a joke. i am looking for the actual md5 algorithm.

  • Anonymous
    September 15, 2012
    The comment has been removed

  • Anonymous
    September 18, 2012
    Blog de programacion http://insanedev.blogspot.mx/

  • Anonymous
    September 21, 2013
    The comment has been removed

  • Anonymous
    November 03, 2013
    You should be using Encoding.UTF8 -- for all ASCII characters the result will be the same -- but it will also convert Unicode characters properly as well.

  • Anonymous
    November 21, 2013
    Thank you for this, I was struggling to figure out how to calculate a has for a specified string. You rock dude!

  • Anonymous
    April 25, 2014
           public static string ToHash(this string @value)        {            return new StringBuilder().                ToString(MD5.Create().                             ComputeHash(Encoding.ASCII.GetBytes(@value)));        }        private static string ToString(this StringBuilder @builder, byte[] hash)        {            for (var i = 0; i < hash.Length; i++)                @builder.Append(hash[i].ToString("X2"));            return @builder.ToString().ToLower();        } test - Console.WriteLine("test".ToHash());

  • Anonymous
    May 20, 2014
    If you use byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes("Häsch dünü €4 Ovo hüt scho chaa?"); you'll get into trouble because your string contains non-ASCII characters but you force the encoding to be ASCII. In this case you probably get a question mark (0x3F) or another replacement character for each non ASCII character. You better use utf-16 because a string is also a wchar array or you use utf-8.

  • Anonymous
    July 20, 2014
    var hash=MD5.Create().ComputeHash(input); var sb=new StringBuilder(); foreach(var h in hash) { sb.Append(h.ToString("X2")); }

  • Anonymous
    February 18, 2015
    This article is well past its use-by date. Do NOT use MD5, and do NOT use unsalted hashes. Infact if you aren't even aware why this is bad, I would argue you shouldn't be handling password security at all.  Security is something that can lead to disaster when done badly.

  • Anonymous
    May 21, 2015
    The comment has been removed