For your reading pleasure, RFC 1321 - The MD5 Message-Digest Algorithm. It's a 128-bit fingerprint that can be encoded in any manner you choose. If the source is encoding the fingerprint as hex, then yes it will always be 32 characters long. If not, then it would be in some format that you could convert to a hex representation which will also be 32 characters long.