MD5 Hash Generator - Why

I am planning to implement a MD5 encryption on passwords on my website, but it seems like it's not really that great as there are websites out there like http://md5cracker.org to reveal the password if data was stolen. Is there any better way to protect passwords?
petewinterAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan CraciunIT ConsultantCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
petewinterAuthor Commented:
Many thanks
Ray PaseurCommented:
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Dave HoweSoftware and Hardware EngineerCommented:
MD5 is a really old hash standard. even SHA1 is now depreciated, and SHA2 recommended. You should not be implementing anything in MD5 these days, even with salt.
Ray PaseurCommented:
@petewinter: Going forward, you might want to leave your questions open a little longer - 24 hours is probably a good minimum expectation.  Most E-E experts are not online at the same time and it sometimes takes a day for us to see the new questions.

In this area of inquiry, there is a lot of written science and depth of understanding, and the field is presently undergoing a revolution.  If you're still using passwords, no matter how you're hashing or storing them, your application is on life-support.  If you want to get into the issues a little more, please post a new question about client authentication and data security, and please don't assume that md5() is either bad or good - just listen to the expert voices and try to make wise choices after you understand the way attacks are being crafted today.  

You don't have to be technical to know it's a huge problem - just read the newspapers.  Target, Snapchat, Nieman-Marcus, the US Government - all have suffered enormous multi-million dollar data losses because their data was exposed and the passwords (and other information) was deciphered.
petewinterAuthor Commented:
Thanks for the advice.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.