If I recall the prior discussion, MD5 is OK, crypt is still risky,
because MD5 is not an encryption algorithm so it doesn't fall under
the US export laws.
I believe Vince V. is working on improving the password challenge
code to use MD5, btw.
regards, tom lane