This is a look-up tool for typical unsalted MD5 cryptographic hashes. The database currently contains 1.1+ trillion passwords.

To use this service, please use the the dedicated API.

Not currently live! It will be soon!

There is a grandtotal of 1,488,531,271 user hash requests made to this database, 294,488,472 are of unique hashes (about 19% of grandtotal). Out of the grandtotal number of requests, 1,101,813,947 were successful or cracked (about 74%). Regardingly only unique hashes, 189,902,938 were successful or cracked (about 64%).

Main article: MD5 Database — Information
Main article: MD5 Database — API

Regular visitors may notice results showing in the table above as being found by "nitrx-gpu", these are cracked locally by GPU power in real time. When a hash you submit is not found, it will be queued for GPU cracking at some point in the future. Only when it is cracked by GPU will your unfound hash become found for the next time it's requested. The moment it gets cracked, it will appear in the table above. Similarly with passwords as "# NOT MD5 #" means the hash was cracked but not using the MD5 algorithm and will not be displayed.

The only data stored as a result of using this tool is the MD5 hash you willingly submit. Invalid form/API inputs are stored for the sake of monitoring unknown/malicious behaviour. Such things like IP addresses, cookies, HTTP headers, anything about you, your client or your connection, etc. are NOT stored.

Do not contact me about hacking or accessing online accounts for any reason. Do not ask to access the list of passwords or hashes users submit. I do not condone any illegal or malicious activity; do not use this tool if that is your intention. Read more in the main article links above.

This page loads an external script from Google called reCAPTCHA v3 which is used to collect behavioural information of requests to determine if they're real users or bots. This information will eventually be used in new and upcoming features to combat automated requests from bots as it may place unwanted load on the server. For more information about Google's reCAPTCHA, please view Google's Privacy Policy and Terms of Service.