Late 1990s to 2007(+?): web apps use raw MD5 "Web apps" started to appear, usually written in PHP, so indeed they directly used PHP's md5() function for password hashing. PHP also offers crypt(), but those hashes were not sufficiently portable between systems (in 1990s, some Unix-like systems could lack DES-based crypt(3) because of US export regulations, and PHP is not Unix-only). This may be too complicated an explanation, though. Chances are that those web apps' developers simply did not know the options. No password stretching: Cracking speeds for one hash are about 1000 times higher than those for FreeBSD's MD5-based crypt(3). No salt: Effective cracking speeds ({account, password} combinations tested per second) for non-targeted attacks against large raw MD5 hash databases are even higher (times the number of hashes), precomputed hash tables may be used.