> Too fast, it still allows dictionary attacks rather easily (yes I know that
> users should choose good passwords, but some won't).
>
> md5^500 (500 rounds of md5), or however many takes about 0.5 seconds on a fast

The hashing should be computationally adjusted and should be adjusted on each box to be barely tolerable. There should also be a salt value of course. An attacker shouldn't be allowed to precompute md5^(big num) and later do the (actual num - big num) md5's for your particular system.

> -- Jon
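The precomputation concern in the reply above, as an added example that is not part of the original thread: an unsalted md5^N chain is identical on every box, so work done up to a smaller round count carries over to any larger one, while a chain with the salt mixed into every round shares nothing between salts. The function names and the 16-byte salt are assumptions, and MD5 appears only because it is the primitive the thread discusses.

```python
import hashlib
import hmac
import os
import time


def chain_unsalted(data: bytes, rounds: int) -> bytes:
    """md5^rounds with no salt: the same chain on every system."""
    for _ in range(rounds):
        data = hashlib.md5(data).digest()
    return data


def chain_salted(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Salt goes into every round (rounds >= 1), so each salt has its own chain."""
    state = hashlib.md5(salt + password).digest()
    for _ in range(rounds - 1):
        state = hashlib.md5(salt + state).digest()
    return state


def calibrate(target_seconds: float, probe_rounds: int = 20000) -> int:
    """Time a probe run on this box and scale the round count to the target."""
    start = time.perf_counter()
    chain_salted(b"probe", b"\x00" * 16, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe_rounds * target_seconds / elapsed))


def make_record(password: bytes, rounds: int) -> tuple:
    """Store salt and round count next to the digest so verify can repeat the work."""
    salt = os.urandom(16)
    return salt, rounds, chain_salted(password, salt, rounds)


def verify(password: bytes, record: tuple) -> bool:
    salt, rounds, digest = record
    return hmac.compare_digest(chain_salted(password, salt, rounds), digest)
```
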