View Full Version : md5 ok?
Brandon
July 11th, 2005, 21:38
I'm making a MySQL/PHP forum script, and I'm using md5 to hash the passwords. Would this be sufficient protection?
Hoth
July 12th, 2005, 04:27
It depends on the use. It would not be a good idea for you to make it so that people can get at the md5-hashed versions of other people's passwords, because md5 can be reversed if someone downloads a tool to do so and is patient enough to wait a long time. On the other hand, people typically use md5 just as extra protection in case the database is stolen. It's reasonably useful for this, because if someone steals a database of 10,000 members it'd take them such a long time to decrypt all of the passwords that they're likely to not bother. (Though really, the main reason it's used for this purpose is that when it started being used for that there was no known method for reversing an md5.)
Some scripts like vBulletin use a javascript md5 as a sort of substitute for SSL. Any unencrypted form submissions are theoretically vulnerable to packet sniffers or the like, so vB md5-encodes the password in the browser so that it appears random and won't be recognized by packet sniffers. vB then combines the md5-encode with a salt stored in the database, and md5s that combination, so that the actual contents of the 'password' field in the database are quite difficult to decrypt. This, as far as I know, is pretty effective even if not as good as SSL.
Anyhow I'd say it's more important to protect against brute-force types of attacks, by limiting the number of login attempts that can be made for any particular account in a certain time period (I put the limit at 100 failed logins per day, as this won't inconvenience anyone but isn't nearly enough attempts for a password-guessing script to have any luck).
Canuckkev
July 12th, 2005, 10:36
because md5 can be reversed if someone downloads a tool to do so and is patient enough to wait a long time.
Through brute force you mean? Like say, if your plain-text password was "kitty" which hashed to "g4m6rt78ui0e4rt"...a brute force script might try dictionary words: "Aardvark", gets the hash, compares it to "g4m6rt78ui0e4rt", no match, etc. I was under the impression this would be the only way to retrieve a plain-text password from an md5 hash. Is this correct?
kabatak
July 12th, 2005, 11:14
http://md5.rednoize.com/
overulehost
July 12th, 2005, 11:34
http://md5.rednoize.com/
The site just performs a search for a matching string... not really "reversing"
kabatak
July 12th, 2005, 12:29
yup, and when you enter something that's not yet in the database it will be reversed in the "future".
overulehost
July 12th, 2005, 16:16
Well.. I guess you need to wait for someone to enter the right values
Hoth
July 13th, 2005, 00:12
While a brute force of just running through the dictionary might be more practical in some cases where you have a lot of passwords and can figure somebody will use bad [dictionary word] passwords, that's not what I was referencing. Here's an online tool to reverse an MD5: http://passcracking.com/. It in turn uses http://www.antsight.com/zsl/rainbowcrack/, which it seems creates huge tables in order to make the lookups possible.
If your administrative password to a forum is stolen in md5 form, you might be in trouble. Best not to treat an md5 hash like it eliminates the need to protect password data from prying eyes. Involving a salt makes it invulnerable to any current methods though. Personally I have options for unencoded (so that passwords can be emailed directly), md5 encoded, and double md5ed with a salt (vB3 style) and let the forum admin choose which they prefer based on their personal paranoia level or other considerations. Though I default to md5 just because it's standard and if people are importing from some other script then odds are the passwords it has are md5ed.
As I recall MD5 was broken a year or two ago... I can't find a lot on that in Google, but here's a little:
http://www.hcrypto.com/B/
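Added example, not part of any post in this thread and not vBulletin's code: a Python sketch contrasting plain md5 storage with the vB3-style md5(md5(password) + salt) scheme Hoth describes, checked against a precomputed lookup table of the kind the linked sites build. The word list, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def vb3_style_hash(password: str, salt: str) -> str:
    # Scheme as described in the thread: md5(md5(password) + salt)
    return md5_hex(md5_hex(password) + salt)

def build_lookup_table(candidates):
    # Precomputed once, then reusable against every unsalted md5 database
    return {md5_hex(word): word for word in candidates}

def store_password(password: str):
    # A fresh random salt per account, stored next to the hash
    salt = os.urandom(16).hex()
    return salt, vb3_style_hash(password, salt)

def verify_password(password: str, salt: str, stored: str) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one
    return hmac.compare_digest(vb3_style_hash(password, salt), stored)

# Constructed sample data: a tiny word list and two users sharing a password
WORDLIST = ["kitty", "password", "letmein", "dragon"]
TABLE = build_lookup_table(WORDLIST)

def demo():
    users = {"alice": "kitty", "bob": "kitty"}
    unsalted = {name: md5_hex(pw) for name, pw in users.items()}
    salted = {name: store_password(pw) for name, pw in users.items()}
    return {
        # Same password, same unsalted hash: one table hit exposes both accounts
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_recovered": TABLE.get(unsalted["alice"]),
        # Per-account salts make the stored values differ and miss the table
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_recovered": TABLE.get(salted["alice"][1]),
        "login_ok": verify_password("kitty", *salted["alice"]),
        "login_bad": verify_password("kittx", *salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt only defeats tables computed in advance; it is stored beside the hash, and md5 is fast, so a weak password such as "kitty" can still be found by hashing a word list with that account's salt. Password storage today uses a deliberately slow salted function such as bcrypt, scrypt or Argon2 (in PHP, `password_hash()` and `password_verify()`).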
jmiller
July 13th, 2005, 01:28
http://www.cits.rub.de/MD5Collisions/
A basic, but quite good read regarding MD5 collisions. I suggest checking it out.
overulehost
July 13th, 2005, 05:06
http://www.cits.rub.de/MD5Collisions/
A basic, but quite good read regarding MD5 collisions. I suggest checking it out.
Yeah.. that's true as hash functions are created based on slots.... if the slot is full then a collision occurs