in reply to Handling Passwords Securely

MD5 hashes are one-way, so you can't "decrypt" a password of which you only have the MD5 hash. Unless you do a brute force attack, and have a lot of patience (or luck).

Furthermore, encryption/decryption doesn't help. It doesn't help at all. If it's all "self-contained" (that is, there's no interaction with a source providing the password), the password will be visible for the EUID that runs the program. No matter how many times you encrypt. Because if you encrypt, you need to decrypt, and the steps to decrypt will be in the source. You've just transferred the need to keep the password a secret, to the need to keep the decryption key a secret....

There may be ways to make things more secure, but then you first have to determine who you are defending against. The casual shoulder surfer? Other, normal, users on the system? People with access to the network? Hackers/crackers? Professional industrial espionage? The FBI/CIA/NSA/MI5/MI6/Mossad/KGB?

Abigail
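As an added illustration of the reply's point (not code from the thread, and in Python rather than Perl): the first function shows that a credential "encrypted" inside a self-contained program is only obfuscated, because the key and the decryption steps ship with the source and anyone running as that EUID recovers it; the second shows one measure that does narrow the threat model to "other, normal, users on the system", reading the secret from a file that the program refuses to use unless only its owner can read it. The XOR key, the blob, and the temporary file path are constructed assumptions.

```python
import os
import stat
import tempfile

# "Obfuscated" credential embedded in the program: XOR with a key that is
# itself in the program. Constructed values, not from the original thread.
KEY = b"not-a-secret"
BLOB = bytes(c ^ KEY[i % len(KEY)] for i, c in enumerate(b"hunter2"))


def recover_embedded(blob: bytes = BLOB, key: bytes = KEY) -> str:
    """Anyone who can read the source, or run it as the EUID, can do this."""
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(blob)).decode()


def read_secret_file(path: str) -> str:
    """Read a credential kept outside the source; reject it if any other
    local user could read it too. Defends against other normal users,
    not against root or against whoever can run the program itself."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is not owned by the effective user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is readable by group or others")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def demo() -> tuple:
    """Write a secret file under two modes and show which one is accepted."""
    # Assumption: a temp dir stands in for something like ~/.myapp/cred.
    d = tempfile.mkdtemp()
    path = os.path.join(d, "cred.txt")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("hunter2\n")
    os.chmod(path, 0o600)            # owner-only: accepted
    accepted = read_secret_file(path)
    os.chmod(path, 0o644)            # world-readable: rejected
    try:
        read_secret_file(path)
        outcome = "accepted"
    except PermissionError:
        outcome = "rejected"
    return recover_embedded(), accepted, outcome


if __name__ == "__main__":
    print(demo())  # ('hunter2', 'hunter2', 'rejected')
```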