SHA is better, less chance of being brocken through brute force. Yet you could easy have a encryption key (word) that you append to the end of say the passwords and then md5hash it. Then when you compare a login to the database entry you just append again as the word wont change and then hash.
That makes it alot harder as they wont be able to use a dictionary and would need to know the key.
|