PHP.net says that md5() and sha1() unsuitable for password?

Question

http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash

I\'m storing user passwords in a MySQL database in hash form. Does this mean that it is unsafe to d

Answer 1

For a concrete example of why using plain, unsalted MD5 for password hashing is a bad idea, try entering the MD5 hashes of some reasonably common passwords into a site like md5decrypter.co.uk or md5hashcracker.appspot.com or md5this.com. Or just into Google, which indexes most of those sites (and many others too).