MD5 is a hashing algorithm (for simplicity, let’s wrongly say hashing it’s something akin to encrypting) that is very fast to compute. That is bad for password storage, since it means you are vulnerable to a brute force attack; you want the algorithm for password storage to be slow enough to make that attack unfeasible.
Aditionally, there’s also attacks like dictionary attacks, where you can use precomputed hashes of commonly used passwords (that’s a reason you shouldn’t re-use passwords accross websites: if one of the falls, the rest are vulnerable to dictionary attacks). To prevent these, you use salted algorithms, of which MD5 is not, at least out of the box.
MD5 is a hashing algorithm (for simplicity, let’s wrongly say hashing it’s something akin to encrypting) that is very fast to compute. That is bad for password storage, since it means you are vulnerable to a brute force attack; you want the algorithm for password storage to be slow enough to make that attack unfeasible.
Aditionally, there’s also attacks like dictionary attacks, where you can use precomputed hashes of commonly used passwords (that’s a reason you shouldn’t re-use passwords accross websites: if one of the falls, the rest are vulnerable to dictionary attacks). To prevent these, you use salted algorithms, of which MD5 is not, at least out of the box.