Not reversed but MD5 can be brute forced. Which is why storing an MD5 password in a cookie is a no-no. It's also the reason we add salt. But I've noticed a lot of programs seem to add the same salt again and again, that defeats the purpose of adding salt to begin with. Salt is added to defeat dictionary attacks against the entire password list. If you use the same salt for each password then that's no better than using no salt at all. One of the easiest ways to add salt to the password is simply to concatenate the user name which is ussually unique.
