This is incorrect - I don't use MD5 in authentication at all. Virtual Airlines can provide us a list of their users' email address, which are hashed using an algorithm of their choice. While MD5 is an option, it's not the only one. This is only used when linking a simFDR account to a virtual airline ID and is a way of providing some mechanism of privacy. Worst case, even if someone gets the data and reverse engineers the hash, they get an e-mail address.
Our own authentication schemes are proprietary, but involve a combination of 2048-bit RSA keys, AES encryption and 256-bit SHA hashes.
Thanks!
Luke