Why not use MD5 for password hashing?

星月不相逢 2020-11-29 10:08

I have a friend who is a white hat hacker. He says that MD5 is not really that bad and actually is really secure, just if we use it properly.

I believe that he is

3 Answers
  •  时光取名叫无心
    2020-11-29 10:31

    The problem with MD5 is exactly that it is so fast: you can calculate about 9 Giga MD5/s with common hardware. To brute-force a whole English dictionary with about 200000 words you need only a fraction of a millisecond.

    This is why appropriate hash algorithms like BCrypt offer a cost factor. The cost factor defines how much time is needed to calculate the hash and can be increased in the future. 50 milliseconds for a login is hardly an obstacle, but for brute-forcing it is deadly.
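
Added example (not part of the original answer): the cost-factor idea described above, using PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for BCrypt, since its iteration count plays the same role as BCrypt's cost factor. The function names, the stored-string format and the sample password are assumptions of this example; the 50 ms default target is the answer's figure.

```python
import hashlib, hmac, os, time

# PBKDF2-HMAC-SHA256 stands in for BCrypt here (assumption of this example);
# its iteration count is the tunable cost.

def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def calibrate(target_seconds: float = 0.05, start: int = 10_000) -> int:
    """Double the iteration count until one hash takes at least target_seconds."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        _derive("calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2

def hash_password(password: str, iterations: int) -> str:
    """Return 'iterations$salt_hex$hash_hex' so the cost travels with the hash."""
    salt = os.urandom(16)  # per-password random salt
    return f"{iterations}${salt.hex()}${_derive(password, salt, iterations).hex()}"

def verify(password: str, stored: str, current_iterations: int):
    """Return (ok, upgraded); upgraded is a re-hash at the current cost, or None."""
    iters_s, salt_hex, hash_hex = stored.split("$")
    iterations = int(iters_s)
    candidate = _derive(password, bytes.fromhex(salt_hex), iterations)
    ok = hmac.compare_digest(candidate, bytes.fromhex(hash_hex))  # constant-time compare
    upgraded = None
    # Raising the cost later: re-hash on the next successful login, while
    # the plaintext password is available.
    if ok and iterations < current_iterations:
        upgraded = hash_password(password, current_iterations)
    return ok, upgraded

if __name__ == "__main__":
    cost = calibrate()                           # iterations for ~50 ms on this machine
    old = hash_password("correct horse", 1_000)  # constructed record with an outdated cost
    ok, upgraded = verify("correct horse", old, cost)
    print(cost, ok, upgraded.split("$")[0])
```

Because the cost is stored next to the salt and hash, old records keep verifying after the target cost is raised and are upgraded one login at a time.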
