Why not use MD5 for password hashing?

Question

I have a friend which is a white hat hacker. He says that md5 is not really that bad and actually is really secure, just if we use it properly.

I believe that he is

Answer 1

You speak of slowing down validation as a problem but it is the only defense against a leaked hash and a brute force attack. Modern solutions hash the value repeatedly (ie: thousands of times) just to raise the cost of the calculation.