MD5 is the easy case, and that makes it the perfect place to learn. It is fast, unsalted, and cryptographically retired, so a GPU shreds it at billions of guesses per second and most passwords stored this way fall in seconds. Learning to crack MD5 teaches the whole workflow with none of the frustration of a slow hash, and it makes painfully clear why MD5 should never hold a password again. Tested on hashcat 7.1.2.
TL;DR
MD5 is hashcat mode -m 0. The command is hashcat -m 0 -a 0 hashes.txt rockyou.txt. MD5 is a 32-character hex string (visually identical to NTLM, distinguished by source). Because it is fast and unsalted, a single GPU tries billions of guesses per second, so a wordlist cracks most real passwords instantly, and even brute force is viable for short ones. "MD5 decrypt" sites do not decrypt anything; they look your hash up in a table of already-cracked values. The real lesson: MD5 is fine for checksums, never for passwords; store a bcrypt or Argon2 hash instead.
Identify it
A raw MD5 hash is 32 hexadecimal characters with no prefix:
8743b52063cd84097a65d1633f5c74f5
This is indistinguishable from NTLM by sight. Context decides: a web application database is most likely MD5 (-m 0); a Windows credential dump is NTLM (-m 1000). See identifying a hash type when in doubt.
Crack it
Put the hash in a file and point hashcat at a wordlist:
echo '8743b52063cd84097a65d1633f5c74f5' > md5.hash
hashcat -m 0 -a 0 md5.hash rockyou.txt
It cracks essentially instantly:
8743b52063cd84097a65d1633f5c74f5:hashcat
Status...........: Cracked
Hash.Mode........: 0 (MD5)
Recovered........: 1/1 (100.00%) Digests
Add rules to catch the decorated passwords (Password1, p@ssw0rd) in the same run:
hashcat -m 0 -a 0 md5.hash rockyou.txt -r rules/best66.rule
Because MD5 runs at billions of guesses per second on a GPU, you can be aggressive: after wordlists and rules, a mask attack for known shapes finishes quickly, and a full brute force of short passwords is genuinely feasible. An eight-character lowercase space is exhausted in about a second.
Salted MD5 is a different mode
Plain MD5 (-m 0) is unsalted. Many applications hash md5(salt + password) or md5(password + salt), which are different hashcat modes even though the underlying function is still MD5:
| Construction | hashcat -m |
|---|---|
| md5(pass) | 0 |
| md5(md5(pass)) | 2600 |
| md5(salt.pass) | 20 |
| md5(pass.salt) | 10 |
| WordPress/phpBB phpass $P$ | 400 |
Salting defeats precomputed rainbow tables and forces the attacker to crack each hash individually, but it does not make MD5 slow. A salted MD5 still runs at GPU speed, so weak passwords still fall fast. Salt fixes one weakness (precomputation), not the fundamental one (speed).
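The constructions in the table, worked through in code. This is an added example, not code from the article or from the hashcat project: it computes each variant with Python's hashlib, emits the line format hashcat expects for that mode (bare hash for unsalted modes, hash:salt for modes 10 and 20), and includes a defender-side audit that checks a stored hash against a short list of known-weak passwords. The 32-hex shape check from the "Identify it" section is included as input validation. The salt value, the mini wordlist and the `audit` helper are constructed for the example; the only hash taken from the page is hashcat's sample 8743b52063cd84097a65d1633f5c74f5, which is md5("hashcat").

```python
import hashlib
import re
from typing import Callable, Dict, Iterable, Optional

# From the article: hashcat's sample MD5, which is md5("hashcat").
SAMPLE_MD5 = "8743b52063cd84097a65d1633f5c74f5"

RAW_32HEX_RE = re.compile(r"^[0-9a-f]{32}$")


def looks_like_raw_md5(value: str) -> bool:
    """32 hex characters with no prefix. NTLM has exactly the same shape, so a
    True here means 'MD5 or NTLM'; the source of the dump decides which mode."""
    return bool(RAW_32HEX_RE.match(value.strip().lower()))


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# One function per row of the table, keyed by hashcat mode number.
# Mode 2600 feeds the *hex text* of the inner digest to the outer MD5,
# which is how hashcat (and the PHP schemes it models) define md5(md5(pass)).
CONSTRUCTIONS: Dict[int, Callable[[bytes, bytes], str]] = {
    0:    lambda pw, salt: md5_hex(pw),                      # md5(pass)
    2600: lambda pw, salt: md5_hex(md5_hex(pw).encode()),    # md5(md5(pass))
    20:   lambda pw, salt: md5_hex(salt + pw),               # md5(salt.pass)
    10:   lambda pw, salt: md5_hex(pw + salt),               # md5(pass.salt)
}


def compute(mode: int, password: str, salt: str = "") -> str:
    """Digest of `password` under the construction hashcat calls `mode`."""
    return CONSTRUCTIONS[mode](password.encode(), salt.encode())


def hashcat_line(mode: int, digest: str, salt: str = "") -> str:
    """Input line for the hash file: salted modes 10/20 take 'hash:salt',
    unsalted modes take the bare hash."""
    return f"{digest}:{salt}" if mode in (10, 20) else digest


def audit(mode: int, digest: str, salt: str, weak_passwords: Iterable[str]) -> Optional[str]:
    """Defender-side check: does a stored hash equal the hash of any password on a
    known-weak list? Because the salt is mixed in, every stored hash must be checked
    on its own (no shared precomputation), but each check is still one cheap MD5 call,
    which is the article's point: salt stops rainbow tables, not GPU speed."""
    for pw in weak_passwords:
        if compute(mode, pw, salt) == digest:
            return pw
    return None


if __name__ == "__main__":
    weak = ["123456", "password", "Password1", "hashcat"]   # constructed mini wordlist
    print("raw 32-hex?", looks_like_raw_md5(SAMPLE_MD5))
    for mode, salt in [(0, ""), (2600, ""), (20, "x7Qz"), (10, "x7Qz")]:
        digest = compute(mode, "hashcat", salt)
        line = hashcat_line(mode, digest, salt)
        print(f"-m {mode:<5} {line:<40} weak-list match: {audit(mode, digest, salt, weak)}")
```

Note that the same password under two different salts yields two unrelated digests, so a lookup table built for one is useless for the other; that is the whole benefit of the salt, and the audit loop shows it costs nothing extra per guess.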
The truth about "MD5 decrypt" sites
Search for an MD5 hash and you will find sites promising to "decrypt" or "reverse" it. They cannot. MD5 is one-way; there is no decryption. What those sites actually do is look your hash up in a giant database of previously-cracked hash-to-password pairs. If your password was common enough to have been cracked by someone before, you get a hit; if not, nothing. It is a useful free first check for fast unsalted hashes, and useless against anything salted or uncommon. It is a lookup, not a decryption, and not a substitute for understanding the workflow.
Why MD5 must never store a password
MD5 has been cryptographically broken for collision resistance since the mid-2000s, but that is not even the relevant flaw here. For passwords, the disqualifying property is speed: a hash you can compute billions of times per second is a hash an attacker can guess billions of times per second. Add the lack of an inherent salt and an MD5 password table is barely an obstacle.
If you are storing passwords, treat any MD5 in your database as already compromised and migrate to a slow, salted hash. The how-to is in storing a bcrypt hash in MySQL, Argon2 in MySQL, and the MD5 storage article (which covers storage mechanics, not password security; MD5 is fine for the checksums and dedup keys it was built for, just never for a password).
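A worked migration, added here as an example and not taken from the article or its linked how-tos: legacy accounts keep an unsalted MD5 record until the user next logs in, at which point the plaintext is available for a moment and the record is replaced by a slow, salted hash. The article recommends bcrypt or Argon2; this example assumes the standard library's PBKDF2-HMAC-SHA256 instead so it runs with no extra packages, and the user table, record formats (`md5$<hex>`, `pbkdf2_sha256$<iters>$<salt>$<dk>`) and the `login` function are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Assumption: PBKDF2-HMAC-SHA256 stands in for the bcrypt/Argon2 the article recommends.
# The upgrade-on-login flow below is identical with either; only hash_slow/verify_slow change.
PBKDF2_ITERATIONS = 600_000   # OWASP's current PBKDF2-HMAC-SHA256 minimum


def hash_slow(password: str) -> str:
    """New-format record: algorithm, iteration count, random salt and digest in one string."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_slow(password: str, record: str) -> bool:
    alg, iters, salt_hex, dk_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def verify_legacy_md5(password: str, record: str) -> bool:
    """Legacy record 'md5$<32 hex>': unsalted, as the article warns against.
    Constant-time compare so the legacy path leaks nothing extra."""
    return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(),
                               record.split("$", 1)[1].lower())


def login(users: Dict[str, str], username: str, password: str) -> Tuple[bool, bool]:
    """Returns (authenticated, upgraded).
    A successful login against a legacy MD5 record rewrites it as a slow salted hash;
    this is the only moment the server holds the plaintext, so it is the only chance
    to migrate without forcing a reset."""
    record = users.get(username)
    if record is None:
        return False, False   # production code should still burn one slow hash here
    if record.startswith("md5$"):
        if not verify_legacy_md5(password, record):
            return False, False
        users[username] = hash_slow(password)   # replace, do not keep the MD5 around
        return True, True
    return verify_slow(password, record), False


if __name__ == "__main__":
    # Constructed user table; the MD5 is the article's sample, md5("hashcat").
    users = {"alice": "md5$8743b52063cd84097a65d1633f5c74f5"}
    print(login(users, "alice", "wrong"))     # (False, False), record untouched
    print(login(users, "alice", "hashcat"))   # (True, True), record upgraded
    print(users["alice"][:40], "...")
    print(login(users, "alice", "hashcat"))   # (True, False), slow path from now on
```

Upgrade-on-login only migrates accounts that actually log in; anything still carrying an `md5$` record after the migration window should be treated the way the article says, as already compromised, and forced through a reset.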
Where to go next
- The other 32-hex hash: cracking NTLM.
- The opposite extreme: cracking bcrypt (and why it is millions of times harder).
- The techniques: wordlists · rules · masks.
- The defender's side: store an MD5 hash in MySQL (checksums, not passwords).
Sources
Authoritative references this article was fact-checked against.
- hashcat, example hashes and modes (official), hashcat.net
- MD5 (Wikipedia), en.wikipedia.org
- NIST SP 800-63B, Digital Identity Guidelines, pages.nist.gov