Initially, I was using SHA1 hashes for passwords. But after reading some articles about password safes being stolen and what hackers can do to decrypt them, I decided to use a more secure password scheme. I decided to salt the passwords.
You can read more about them here.
Basically, a salted password is one where a string is prepended or appended to the password before it is hashed. This string is the salt. You can use the same salt for all passwords, but it is more secure to use a random salt for each password: two users with the same password then get different hashes, and an attacker cannot reuse one precomputed table against the whole database. So a random salt is added to the password, the result is hashed, and the salt is stored alongside the hash (or kept elsewhere) so you can verify a password when it is later entered.
Fortunately, you don’t have to do this all yourself.
The Apache authentication module will accept salted passwords, including MD5-based ones, as previously mentioned here.
All you have to do is salt and hash them and store them in the database; Apache will verify the passwords later. There is also a lot of open source code for salting and hashing passwords with the MD5 approach. Here's the one I used, called MD5Crypt.
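As an added example (not the MD5Crypt library the post links to, and not Apache's own code), here is the Apache MD5-crypt scheme written out in Python: the `$apr1$` format that `htpasswd -m` produces, with a random per-password salt and a verify step that reads the salt back out of the stored string. The same routine with magic `$1$` is the classic Unix md5-crypt, which is handy for checking against published test vectors. Function names are my own.

```python
import hashlib
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value, count):
    # crypt(3)-style base64: emit `count` digits, low 6 bits first
    return "".join(ITOA64[(value >> (6 * k)) & 0x3F] for k in range(count))


def md5crypt(password, salt, magic="$apr1$"):
    """Return "<magic><salt>$<hash>"; "$apr1$" is Apache's htpasswd -m
    format, "$1$" the classic Unix md5-crypt (same algorithm, other magic)."""
    pw, salt = password.encode(), salt[:8]          # crypt uses at most 8 salt chars
    sb = salt.encode()
    ctx = hashlib.md5(pw + magic.encode() + sb)
    alt = hashlib.md5(pw + sb + pw).digest()        # inner digest, mixed in len(pw) bytes
    plen = len(pw)
    while plen > 0:
        ctx.update(alt[:min(plen, 16)])
        plen -= 16
    i = len(pw)                                     # per bit of len(pw): NUL or pw[0]
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                           # fixed 1000 stretching rounds
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sb)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    out = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
                  for a, b, c in groups)
    return magic + salt + "$" + out + _to64(final[11], 2)


def new_apache_hash(password):
    """Hash with a fresh random 8-character salt; this is the value stored for Apache."""
    return md5crypt(password, "".join(secrets.choice(ITOA64) for _ in range(8)))


def verify(password, stored):
    """Re-hash with the magic and salt read from the stored string; compare in constant time."""
    magic_end = stored.index("$", 1) + 1
    salt = stored[magic_end:stored.index("$", magic_end)]
    return secrets.compare_digest(md5crypt(password, salt, stored[:magic_end]), stored)
```

Note that the round count is fixed at 1000 and the underlying hash is MD5, so this format is only as strong as Apache's support for it requires; where you control both sides, a slower scheme such as bcrypt (which newer `htpasswd` also accepts) is the better choice.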