MD5 hashing in Android

md5 encryption and decryption in android example
android sha256 hash
android md5 file
android hash
kotlin md5
android md5 32
md5 hash java
generate hash in android

I have a simple android client which needs to 'talk' to a simple C# HTTP listener. I want to provide a basic level of authentication by passing username/password in POST requests.

MD5 hashing is trivial in C# and provides enough security for my needs but I can't seem to find how to do this at the android end.

EDIT: Just to address the concerns raised about MD5 weakness - the C# server runs on the PCs of the users of my android client. In many cases, they'll be accessing the server using wi-fi on their own LANs but, at their own risk, they may choose to access it from the internet. Also the service on the server needs to use pass-through for the MD5 to a 3rd party application I have no control over.

Here is an implementation you can use (updated to use more up to date Java conventions - for:each loop, StringBuilder instead of StringBuffer):

public static final String md5(final String s) {
    final String MD5 = "MD5";
    try {
        // Create MD5 Hash
        MessageDigest digest =
        byte messageDigest[] = digest.digest();

        // Create Hex String
        StringBuilder hexString = new StringBuilder();
        for (byte aMessageDigest : messageDigest) {
            String h = Integer.toHexString(0xFF & aMessageDigest);
            while (h.length() < 2)
                h = "0" + h;
        return hexString.toString();

    } catch (NoSuchAlgorithmException e) {
    return "";

Although it is not recommended for systems that involve even the basic level of security (MD5 is considered broken and can be easily exploited), it is sometimes enough for basic tasks.

MD5 hashing in Android, Here is an implementation you can use (updated to use more up to date Java conventions - for:each loop, StringBuilder instead of StringBuffer ): public static  The MD5 algorithm is used as a cryptographic hash function or a file fingerprint. Often used to encrypt Often used to encrypt the password in databases, MD5 can also generate a fingerprint file to ensure that a file is the same after a transfer for example. MD5 means a 128-bit encryption algorithm,

The accepted answer didn't work for me in Android 2.2. I don't know why, but it was "eating" some of my zeros (0) . Apache commons also didn't work on Android 2.2, because it uses methods that are supported only starting from Android 2.3.x. Also, if you want to just MD5 a string, Apache commons is too complex for that. Why one should keep a whole library to use just a small function from it...

Finally I found the following code snippet here which worked perfectly for me. I hope it will be useful for someone...

public String MD5(String md5) {
   try { md ="MD5");
        byte[] array = md.digest(md5.getBytes("UTF-8"));
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < array.length; ++i) {
          sb.append(Integer.toHexString((array[i] & 0xFF) | 0x100).substring(1,3));
        return sb.toString();
    } catch ( e) {
    } catch(UnsupportedEncodingException ex){
    return null;

Converting a String to MD5 Hashes in Android, MD5 stands for 'Message Digest algorithm 5'. The MD5 algorithm is used as a cryptographic hash function or a file fingerprint. Often used to  Android generate md5 hash example The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity.

The code does not work reliably because 0's seem to be cut out of the resulting hash.

A better implementation is here.

public static String MD5_Hash(String s) {
    MessageDigest m = null;

    try {
            m = MessageDigest.getInstance("MD5");
    } catch (NoSuchAlgorithmException e) {

    String hash = new BigInteger(1, m.digest()).toString(16);
    return hash;

MessageDigest, Message digests are secure one-way hash functions that take MD5, 1+. SHA-1, 1+. SHA-224, 1-8,22+. SHA-256, 1+. SHA-384, 1+. SHA-512  MD5 is widely used hash function (cryptographically weak) that produces 128 bit hash value. It is mostly used as a checksum to verify data integrity, but only against unintentional corruption. It is not used for security purpose anymore because it suffer from extensive vulnerabilities(Collision and Preimage vulnerabilities specifically).

If using Apache Commons Codec is an option, then this would be a shorter implementation:

String md5Hex = new String(Hex.encodeHex(DigestUtils.md5(data)));


String shaHex= new String(Hex.encodeHex(DigestUtils.sha("textToHash")));

Source for above.

Please follow the link and upvote his solution to award the correct person.

Maven repo link:

Current Maven dependency (as of 6 July 2016):

<!-- -->

MD5 and SHA256 in Java Kotlin and Android, Compare different options to compute MD5 (or theoretically any other Hash Function such as SHA-1, SHA-256) using Java, Android and Kotlin. Lab1: Hashing (Android Studio) In this tutorial, we will learn to create a hashing application. User can enter some text into the edit textbox, then click the button. The application will show the hash values generated from different hash functions, including MD5, SHA1, SHA256, SHA384 and SHA512.

A solution above using DigestUtils didn't work for me. In my version of Apache commons (the latest one for 2013) there is no such class.

I found another solution here in one blog. It works perfect and doesn't need Apache commons. It looks a little shorter than the code in accepted answer above.

public static String getMd5Hash(String input) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] messageDigest = md.digest(input.getBytes());
        BigInteger number = new BigInteger(1, messageDigest);
        String md5 = number.toString(16);

        while (md5.length() < 32)
            md5 = "0" + md5;

        return md5;
    } catch (NoSuchAlgorithmException e) {
        Log.e("MD5", e.getLocalizedMessage());
        return null;

You will need these imports:

import java.math.BigInteger;

Android create MD5 hash, Android/Java convert String to MD5. convert-pass-md5 You can't decrypt => Instead you can convert string (password) to Hash again and compare with  There is a really simple explanation here: it’s actually two hashes, one SHA1 and one MD5 concatenated together. This doesn’t make much sense until you figure in the performance of the early Android smart phones – allowing low powered devices to choose to only use the MD5 hash and speed up the processing of the lock guard.

Android/Java convert String to MD5 · GitHub, Security is always an issue when you connect your application to the web. Here is a nice little method that will let you implement md5  MD5 (128 bit). The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of security applications. It is also commonly used to check data integrity.

Android Snippet: MAking a md5 hash from a string in Java, MD5 is a widely used cryptographic hash function, which produces a hash of 128 bit. In this article we shall see how will see different  An MD5 hash is created by taking a string of an any length and encoding it into a 128-bit fingerprint. Encoding the same string using the MD5 algorithm will always result in the same 128-bit hash output.

MD5 Hashing in Java, Although MD5 is a widely spread hashing algorithm, is far from being secure, MD5 generates fairly weak hashes. I generate two files in my app on android.

  • Do not use MD5. Use SHA512.
  • i think this is a duplicate of…
  • Why? SHA512 is no harder than MD5. You don't want to be stuck five years from now with legacy clients using MD5.
  • I hope you are using a nonce in your protocol, so you can throw away replay attacks.
  • @NickJohnson : To answer your question why would you deliberately select the weaker option? with another question...why would you feel the need to comment on a question I posted 16 months ago? But if you really want to know (if you look at the comment to SLaks above yours), it was alpha stage code and the PC end (not written by me) used MD5 hashing. The requirement was basically for a pass-through scenario without involving extra complexity. I had about 10 alpha-stage testers at the time who knew the risks. More complex security has been incorporated since I asked the question.
  • Thanks that will do the trick. See my edit for why MD5 will suffice at this stage.
  • Vote this down IMO so the more correct answers below will be surfaced.
  • 0's not catered, as answered below.
  • Updated to use newer java standards (for:each, StringBuilder)
  • Are there any android operating system which have not MD5 implemented (cause throwing of NoSuchAlgorithmException)?
  • Worked for me. I've changed md5.getBytes("UTF-8"). I've checked it with: q4m'x68n6_YDB4ty8VC4&}wqBtn^68W with the above code, the result is 0c70bb931f03b75af1591f261eb77d0b, NOT the c70bb931f03b75af1591f261eb77d0b. 0 is in place
  • Can "m" ever be null on Android, in this case?
  • @androiddeveloper You're totally right. The catch block is poorly implemented here, there needs to be a return statement or there will be a null reference error when m.update is called. Also I'm not sure but whereas this may not strip 0's on the individual bytes, I think it may still strip leading 0's on the entire 32 char hash. Instead of toString(16) I think String.Format("%032X", bigInt) works as intended. Plus you can choose whether you want the hex in upper or lower case ("%032x" for lower).
  • This version is flawed. If your MD5 starts with "0", the generated MD5 will not have a leading 0. Please don't use this solution.