It’s 2012 and there are still an awful lot of high-profile websites leaking users’ passwords. Someone manages to snatch the database table, and then they crack the passwords, which are more often than not encrypted with weak MD5 or SHA1 hashes. It’s not enough…and the beginner tutorials encouraging this behavior aren’t helping.

If you are going to store passwords, you need to be using a slower hashing algorithm with salting, the preferred option being bcrypt. An modern, run-of-the-mill computer can generate an MD5 hash in well under 1/1000 of a second. That means a script can try over 1000 guesses at a password per second. In contrast, bcrypt with a cost of 12 takes a second and a half. (This informal test was conducted on my aging Core 2 Duo machine.) It would take exponentially longer to guess a password at that rate.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds. — Coda Hale

If an attacker wanted to get fancy, they could use GPUs to crack passwords an order of magnitude faster than current CPUs, or buy a bunch of instances on Amazon EC2 and parallelize it that way. Those fast hashes don’t seem to secure now, do they?

Here are a few articles on the subject that are well worth reading if you’re going to build a web application that requires user registration: