Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.
Well, at least it's clear.
Bcrypt is better because hashes like MD5 or SHA* are designed to be very quick, and so they can be cracked by simple brute-force attacks, even when you include a salt.
This comment on HN is also very informative, especially if you don't know what I'm talking about, as is the rest of the discussion, in fact.
Why is this relevant? Because password hashing is something that almost every web application has to do. And most web applications use salted hashes. And, as the recent Gawker débacle showed, that is not secure.
