md5 hash is just fine BUT NOT without salting it (e.g. with username or date/time of first login). i mean… really…

more info: http://aspnet.4guysfromrolla.com/articles/112002-1.aspx (just so i don’t have to explain it here lol)

have fun 😉