Hi bsingh
MD5 is certainly not what you want to do here. Read up on scrypt, bcrypt, and pbkdf2, the top google links should do fine. There are erlang versions of all of these, usually as NIFs.
TL;DR md5 is not secure enough, and you need to use a salted repeated hash function to make attacking passwords more complex.
For a complete but very complex example, you might want to take a look at couchdb where we use both mochiweb and also pbkdf2 for storing and hashing user passwords
https://github.com/apache/couchdb/blob/master/src/couchdb/couch_passwords.erl is where the hashing magic happens.
--
Dave Cottlehuber
Sent with Airmail