in reply to MD5 - what's the alternative
The most important thing is to know if you have a static or dynamic fingerprint. This means, if the output of MD5 will be generated (with different outputs) every day, or if you have a static fingerprint (like in passwd).
If you have a dynamic fingerprint will be much more harder to crack it, but if it's static we have all the time that we need to crack it.
Now about CRACK a MD5. Well, what you can know is that is impossible to get back the original text. Like we say, is a fingerprint, not all the body.
What is possible to do with MD5, is to find by brute force a string that can produce again the fingerprint, but this doesn't mean that the password used by the user is that string found with brute force. In other words, we always have more than 1 string (actually much more) that produce the same fingerprint. This exists for any "digest" algorithm, the question is that MD5 is faster than SHA, and with MD5 we can use some tricks to reduce the number of attacks.
So, use a dynamic fingerprint and always put with the original string some extra data, specially dynamic data, to make the brute force harder,
Graciliano M. P.
"Creativity is the expression of the liberty".