If I wrote a program that required user logins, and instead of using an actual encryption algorithm I just had the user input the password, compute the MD5 sum of that, and compare it against the MD5 sum of the actual password, how secure would that be?

------------------
Kurt Weber
Shell scripts? Shell scripts? We don't NEED no stinkin' shell scripts!
White, heterosexual, middle-class, and proud!

A proven-reasonably-secure one-way cryptographic hash (such as md5) is the best way to confirm a password because the password itself is never stored.

Is this a networked, client/server app? Is the MD5 digest done on the client? We need more info.

------------------
- Klamath
Get my GnuPG Key Here (http://klamath.dyndns.org/mykey.asc)
Looking for an open source project to contribute to? Check out the BBB (http://bbb.sourceforge.net)