[Aleul]

What would you recommend doing then? (New to this stuff)

[rmc]

I suspect tptacek will come in with some sound advise. But bcrypt seems to be the way forward.

cf. http://codahale.com/how-to-safely-store-a-password/

[sparky]

bcrypt or scrypt (http://www.tarsnap.com/scrypt.html). bcrypt lets you more or less arbitrarily set the computational complexity (in terms of instructions) of key generation. scrypt is newer (2009), but has the attractive property that it lets you arbitrarily set the memory complexity instead (how much memory it takes). This is attractive because key generation with a large memory requirement is more expensive to massively parallelize with an ASIC/FPGA farm.

If you have a seriously good reason for not using either of these, which you probably don't, "stretched" (iterated thousands of times) and salted SHA-2 or MD5, or PBKDF2 ( http://en.wikipedia.org/wiki/PBKDF2 ) can be acceptable alternatives.

[Aleul]

Thanks a bunch rmc, and sparky! I'll definitely be spending some time reading up on these tonight.