The current way of hashing passwords is not safe enough. A single MD5 hash without a salt is as good as storing passwords in plaintext. See for example freerainbowtables.com
I see 2 options here. SSHA often used in LDAP enviroments or PHPASS (my preference).
The last one is in an adapted version used in Drupal 7. See the PHPASS page for links to discussions and references to background information.
You might even support both since the hashed versions can be prefixed with the hash version (for more details see the LDAP password field or the algorithm for PHPPASS).