MD5 is NOT enough!
Yes, you hear that right. One-way hashing for password is not enough. With Google, you can now search for hashes and find the original string. There's some catch though:
- this works for common passwords, strong passwords are unlikely be common, and unlikely be available.
- this works for hashed-only passwords. Add some salt and very likely you won't be able to search for the original string either.
For example, a search for "20f1aeb7819d7858684c898d1e98c1bb" will return a lot of result stating that the original string is "Anthony". Very convenient.