Woah, lengthy post, thanks
But if you had a unique salt per user for example based on their id and credentials then the md5 hash would become almost uncrackable right? even if the hacker had the files as you cant decode an md5 hash and a database would not have a match for it, plus it adds safety if your using cookies
Just my views, what do you think about it?