Difference between DES and MD5.

I noticed that while there are many websites offer online cracking facilities for both LM and MD5 passwords, why is it there are none for DES?

And even though MD5 can be secured by adding a salt to the password before hashing them, most sites don't. Doesn't this makes MD5 a mostly insecure encryption format?

I've done a google search on this topic, and it seems that some people favor DES over MD5 for their encryption, other than Blowfish, SHA and several other formats.

So, i want to ask this question: Why is it that the fact that MD5 and DES are both insecure, lots of sites and applications still use them for their cryptography needs?

And is it true that the best way to crack a DES password is by brute forcing it compared to cracking it using a wordlist?

md5 is not an encryption its a hashing algorithm, that means once used u cant decrypt the data. That makes it useless if its not for password protection.

DES is an encryption and became a standard long time ago, and today its useless! first of all because of the insufficient key length (and the NSA worked on it :P), but answering your question will be hard ^^.

why do people use old things instead of new once ? why is FAT32 still so widely used ? why do some admin's use textfiles instead of databases ?

could be that no one knows better…

sacman wrote: md5 is not an encryption its a hashing algorithm, that means once used u cant decrypt the data. That makes it useless if its not for password protection.

DES is an encryption and became a standard long time ago, and today its useless! first of all because of the insufficient key length (and the NSA worked on it :P), but answering your question will be hard ^^.

why do people use old things instead of new once ? why is FAT32 still so widely used ? why do some admin's use textfiles instead of databases ?

could be that no one knows better…

woops. yeah, i must have misread the article on MD5, it is a hashing algorithm.

and people may still use old things out of familiarity, i guess.

fuser wrote: So, i want to ask this question: Why is it that the fact that MD5 and DES are both insecure…

It is the string that is insecure not the hashing algorithm. As you know, there is no patch to human stupidity. Well, if you are going to be storing hashes, you need to add prerequisites for a strong string password to be hashed. Prerequisites such as the length of the string password and what type of characters that are used. If you wanted to, you could right a little script to check for some dictionary words and common passes. Also add salt to the hash. It all comes down to forcing the user to do shit correctly.