diff --git a/shadowsocks-csharp/Encryption/CryptoUtils.cs b/shadowsocks-csharp/Encryption/CryptoUtils.cs
index 0f96abe8..6b50769f 100644
--- a/shadowsocks-csharp/Encryption/CryptoUtils.cs
+++ b/shadowsocks-csharp/Encryption/CryptoUtils.cs
@@ -3,28 +3,27 @@ using Org.BouncyCastle.Crypto.Digests;
 using Org.BouncyCastle.Crypto.Generators;
 using Org.BouncyCastle.Crypto.Parameters;
 using System;
+using System.Security.Cryptography;
+using System.Threading;
 
 namespace Shadowsocks.Encryption
 {
     public static class CryptoUtils
     {
+        private static readonly ThreadLocal<MD5> Md5Hasher = new ThreadLocal<MD5>(System.Security.Cryptography.MD5.Create);
+
         public static byte[] MD5(byte[] b)
         {
-            MD5Digest md5 = new MD5Digest();
-            md5.BlockUpdate(b, 0, b.Length);
-            byte[] r = new byte[16];
-            md5.DoFinal(r, 0);
-            return r;
+            var hash = new byte[EncryptorBase.MD5Length];
+            Md5Hasher.Value.TryComputeHash(b, hash, out _);
+            return hash;
         }
         // currently useless, just keep api same
         public static Span<byte> MD5(Span<byte> span)
         {
-            byte[] b = span.ToArray();
-            MD5Digest md5 = new MD5Digest();
-            md5.BlockUpdate(b, 0, b.Length);
-            byte[] r = new byte[16];
-            md5.DoFinal(r, 0);
-            return r;
+            Span<byte> hash = new byte[EncryptorBase.MD5Length];
+            Md5Hasher.Value.TryComputeHash(span, hash, out _);
+            return hash;
         }
 
         public static byte[] HKDF(int keylen, byte[] master, byte[] salt, byte[] info)