md5(md5($string)); for more security?

Can you improve security that way?

rokec

5:47 pm on Sep 30, 2006 (gmt 0)

Does running md5() twice or more improve security? Are there any side effects or downsides?

Thanks for every word.

DrDoc

5:54 pm on Sep 30, 2006 (gmt 0)

if you share the md5 string publicly -- yeah, it may not be a bad idea to encrypt twice, although I'd choose two different algos. By doing this, a potential hacker has to hack two strings to get the one. If I verify an encrypted string against a string which I know, I typically remove characters X and Y from the original string, use these for the salt and run crypt. Then I use characters A and B and C from the new string, run MD5.

Only I know the original string as well as which characters (their position in the string) are removed.

cyt0plasm

4:44 am on Oct 4, 2006 (gmt 0)

Doing something like that slows things down and isn't necessarily more secure. There are two uses I can see for doing that particular setup:

1) Ensuring that the password that is hashed is long and complicated. This would make things more difficult if the attacker is starting from the hash and trying to work backwards to the password. Modern attacks involve taking a password, working it forward, and comparing the result (just like you do to check it).

2) Using md5 as a "password equivalent". To log on, you can either send the password, or proof that you have the password. Instead of having the client send the password over the internet, the server could provide it with a challenge. The client's computer (through javascript) takes the challenge (12345, for example), adds it to the password (abcde), and hashes it (12345abcde). The server does the same thing, and compares it. By providing a challenge, the data sent over the internet can never be used again to log in the user. The downside to this is that the remote server has to have a plaintext version of the user's password, and if it's compromised, it has enough information to impersonate all the users, as the password doesn't need to be broken.

By the way, Windows uses method number two. Extract the password hash from any machine on the network, and you have access to all of them. Ouch. It works fine as long as you aren't hacked.

Anyhow, to get back to your question - a better approach is to use a better cryptographic algorithm, such as SHA1. It takes more time to calculate, and is considered more secure. For even more security, generate a random salt when you store the password. Use the salt as part of the hash function, and store it in plain text. An example:

Bob and Sally both have a password of "hello". Bob has a salt of 123, and Sally has one of 234.

Bob's password is stored as the hash of 123hello, and Sally has a stored hash of 234hello. Without salting (even if you MD5 it twice), an attacker only has to encrypt each password once to test it for all users. By salting, you make him encrypt each password once for each user to test it against.

The following comment on PHP.net has some sample SSHA (salted SHA1) functions you can use.

[us3.php.net...]
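Two of the points in cyt0plasm's post, the per-user salt (the Bob and Sally example) and the challenge-response login with its plaintext-on-the-server downside, as an added example in Python that is not part of this thread or of the linked PHP.net comment. The demo accounts, function names and the 16-byte salt length are my own choices; it uses only the Python standard library (hashlib, hmac, os) and keeps the post's SHA1 so the comparison with md5(md5()) stays on the thread's terms.

```python
import hashlib
import hmac
import os

# Constructed demo accounts, mirroring the post's Bob/Sally example.
USERS = {"bob": "hello", "sally": "hello"}


def md5_twice(password: str) -> str:
    """The thread's md5(md5($string)) construction, kept for comparison."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("utf-8")).hexdigest()


def unsalted_store(users: dict) -> dict:
    """Store md5(md5(password)) per user: equal passwords give equal hashes."""
    return {name: md5_twice(pw) for name, pw in users.items()}


def salted_store(users: dict, salt_len: int = 16) -> dict:
    """Store (salt, sha1(salt + password)) per user with a fresh random salt.
    The salt is kept in plain text beside the hash, as the post describes."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(salt_len)  # hypothetical 16-byte salt length
        digest = hashlib.sha1(salt + pw.encode("utf-8")).digest()
        store[name] = (salt, digest)
    return store


def verify_salted(store: dict, name: str, candidate: str) -> bool:
    """Recompute the salted hash for a login attempt; compare in constant time."""
    salt, stored = store[name]
    computed = hashlib.sha1(salt + candidate.encode("utf-8")).digest()
    return hmac.compare_digest(computed, stored)


def shared_password_visible(store: dict, a: str, b: str) -> bool:
    """True if two users' stored values are identical, i.e. the store itself
    reveals that they chose the same password. Works on either store layout."""
    return store[a] == store[b]


# --- Challenge-response login (the post's method 2) ------------------------

def client_proof(challenge: str, password: str) -> str:
    """Client side: hash the challenge prepended to the password (12345abcde)."""
    return hashlib.sha1((challenge + password).encode("utf-8")).hexdigest()


def server_check(stored_plaintext: str, challenge: str, proof: str) -> bool:
    """Server side: must hold the plaintext password to recompute the proof,
    which is exactly the downside the post points out."""
    expected = client_proof(challenge, stored_plaintext)
    return hmac.compare_digest(expected, proof)


def new_challenge() -> str:
    """A fresh random challenge per login attempt defeats replay of a proof."""
    return os.urandom(8).hex()


if __name__ == "__main__":
    plain = unsalted_store(USERS)
    salted = salted_store(USERS)
    print("double-md5 store reveals shared password:",
          shared_password_visible(plain, "bob", "sally"))   # True
    print("salted store reveals shared password:",
          shared_password_visible(salted, "bob", "sally"))  # False
    print("bob/hello verifies:", verify_salted(salted, "bob", "hello"))
    c1 = new_challenge()
    proof = client_proof(c1, USERS["bob"])
    print("fresh proof accepted:", server_check(USERS["bob"], c1, proof))
    c2 = new_challenge()
    print("replayed proof accepted:", server_check(USERS["bob"], c2, proof))
```

Running it shows the two effects the post describes: with md5(md5()) Bob's and Sally's records are byte-for-byte identical, so one computation per guess covers every user, while with per-user salts the records differ and each user must be handled separately; and a captured challenge-response proof is accepted only against the challenge it was computed for, at the cost of the server keeping the plaintext password.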