I just use md5(). It's the users fault if they use a dictionary word or something (even though, technically, it would be the site owners fault for someone getting in to the database in the first place).