Encrypting(MD5) multiple times can improve security?

Question

I saw some guy who encrypt users password multiple times with MD5 to improve security. I\'m not sure if this works but it doesn\'t look good. So, does it make sense?

Answer 1

Hashing a password is not encryption. It is a one-way process.

Check out security.stackexchange.com, and the password related questions. They are so popular we put together this blog post specifically to help individuals find useful questions and answers.

This question specifically discusses using md5 20 times in a row - check out Thomas Pornin's answer. Key points in his answer:

• 20 is too low, it should be 20000 or more - password processing is still too fast
• There is no salt: an attacker may attack passwords with very low per-password cost, e.g. rainbow tables - which can be created for any number of md5 cycles
• Since there is no sure test for knowing whether a given algorithm is secure or not, inventing your own cryptography is often a recipe for disaster. Don't do it