MD5 Hash Generator - Why

I am planning to implement a MD5 encryption on passwords on my website, but it seems like it's not really that great as there are websites out there like http://md5cracker.org to reveal the password if data was stolen. Is there any better way to protect passwords?
petewinterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan CraciunIT ConsultantCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
petewinterAuthor Commented:
Many thanks
0
Ray PaseurCommented:
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Dave HoweSoftware and Hardware EngineerCommented:
MD5 is a really old hash standard. even SHA1 is now depreciated, and SHA2 recommended. You should not be implementing anything in MD5 these days, even with salt.
2
Ray PaseurCommented:
@petewinter: Going forward, you might want to leave your questions open a little longer - 24 hours is probably a good minimum expectation.  Most E-E experts are not online at the same time and it sometimes takes a day for us to see the new questions.

In this area of inquiry, there is a lot of written science and depth of understanding, and the field is presently undergoing a revolution.  If you're still using passwords, no matter how you're hashing or storing them, your application is on life-support.  If you want to get into the issues a little more, please post a new question about client authentication and data security, and please don't assume that md5() is either bad or good - just listen to the expert voices and try to make wise choices after you understand the way attacks are being crafted today.  

You don't have to be technical to know it's a huge problem - just read the newspapers.  Target, Snapchat, Nieman-Marcus, the US Government - all have suffered enormous multi-million dollar data losses because their data was exposed and the passwords (and other information) was deciphered.
0
petewinterAuthor Commented:
Thanks for the advice.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.