Please, don't only hash your passwords with md5. That's still a security problem.
If someone knows the password of one of the users, he is able to crack all other user's accounts that have the same hash. Please use salting, so this doesn't happen.
Also, there is stuff like Rainbow Tables
, which make it easier / possible to brute-force md5 hashed passwords with today's amount of memory and computation speed.
I suggest you to look into the 'Blowfish' algorithm. I have just quickly googled about what your options are. It looks like JCE
is the best option.
Wait a minute, I'll try to write up a simple function and test it