Hashcat can do 25Giga-hashes per second for MD5. Only 13000 hashes per second for bcrypt with the cost parameter set to 5 (at this point 12 is advised, which is 2^7 more slower). So even if you would do a million rounds in the above algorithm you do not come close to bcrypt's security. Also, I have no idea if doing multiple rounds of md5 makes it more secure.
Just use bcrypt, it is battle tested and still secure.
Thanks for your feedback. However, if you read through the article, you would have observed that I stated clearly the intent.
This article does not aim to provide a better solution to the ones already provided by the existing libraries, rather it tends to shed some light on how the implementation works under the hood.
Also, before the Conclusion, there's a disclaimer
Disclaimer: This article does not guarantee the security of encryption implemented herein.
I hope this helps explain better.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Violation of rule #1 of cryptography:
Never ever invent your own crypto algorithm.
Crypto is difficult, really difficult.
Hashcat can do 25Giga-hashes per second for MD5. Only 13000 hashes per second for bcrypt with the cost parameter set to 5 (at this point 12 is advised, which is 2^7 more slower). So even if you would do a million rounds in the above algorithm you do not come close to bcrypt's security. Also, I have no idea if doing multiple rounds of md5 makes it more secure.
Just use bcrypt, it is battle tested and still secure.
Thanks for your feedback. However, if you read through the article, you would have observed that I stated clearly the intent.
Also, before the Conclusion, there's a disclaimer
I hope this helps explain better.