JavaScript MD5 Library (Plus the Perks, Uses, & Examples)

JavaScript MD5 Library (Plus the Perks, Uses, & Examples)

MD5 libraries are often required by JavaScript developers, on either the client or server side, to verify file data. By far, the most popular library is the blueimp-md5 library.



This library implements the MD5 hashing function, which is first used for computing a checksum of file data (or any other data string) and later for validating the file data integrity by comparing the known checksum with a re-computed one.

Below we will explain what MD5 is, but if you are like me and couldn’t care less about the details, you can jump to our client-side and server-side implementation sections.

What is MD5?

MD5 is a standardized 1-way function that allows any data input to be mapped to a fixed-size output string, no matter how large or small the input string is.

Graphic showing inputs, hash functions, and hash sums

A small change in the input drastically changes the output.

All MD5 implementations produce a 128-bit hash value from a data string, which is typically expressed as a 32-digit hexadecimal number.

For example, foo bar baz becomes ab07acbb1e496801937adfa772424bf7.

The same data input will always map to the same output. Identical outputs from different inputs are rare but can happen.

On Linux systems,  md5sum is the command line tool for MD5 hashing. Other operating systems have similar commands.

Let’s have a look at how to do MD5 hashing in the browser (client-side) and in the NodeJS (server-side) environment.

Client-Side Installation and Usage

First, download the md5.min.js library and include it in your HTML:

Next, in your JS application code, you can calculate the hex-encoded MD5 hash of a string by simply calling the md5 method with the string value as an argument:

We will see more examples on using the library API below.

Server-Side Installation and Usage with NodeJS

To use the MD5 library on the server side with NodeJS, first install the blueimp-md5 package:

For a simple example showing how the MD5 package can be used to MD5 hash a query URL string, create a file called server.js with the following code:

Now we can run this NodeJS application:

If you now browse to http://localhost:8080/ you should see the MD5 output of that URL: 37a6259cc0c1dae299a7866489dff0bd.

Browsing to http://localhost:8080/?foo&bar&baz would produce another MD5 hash.

API Examples

The library has only one function, md5(), which can take up to three arguments:

  1. Required: The input string to be MD5 hashed must be present.
  2. Optional: The HMAC key value is used for message authentication using cryptographic hash functions such as MD5 in combination with a secret shared key.
  3. Optional: A boolean value, if set to “true,” encodes the output as a raw string. Otherwise, the output is a hex-encoded string. The hex-encoding is more portable, but the raw string can be simpler to use in some cases.

Let’s go through some code examples of this API:

Calculate the hex-encoded MD5 hash of a given string value:

Calculate the hex-encoded HMAC-MD5 hash of a given string value and key:

Calculate the raw MD5 hash of a given string value:

Calculate the raw HMAC-MD5 hash of a given string value and key:

MD5 Security Warning and Alternatives

Although the security of the MD5 hashing function is now considered weak because it isn’t collision-resistant enough, the MD5 hash function is still very popular for historic reasons and the availability of implementations in all sorts of environments.

If you want to have a more secure hash function, use the SHA 2 or SHA 3 message digest instead of MD5. Crypto-js is a good JavaScript implementation of these hash functions. There are many other implementations on GitHub too.

Ryan Frankel

Questions or Comments? Ask Ryan!

Ask a question and Ryan will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.