MD5 is not fine. MD5 is very very fast[1] and as such it's possible to simply brute force password given relatively modest computing resources. The space of passwords just isn't that big.

Use bcrypt or scrypt. Don't make up your own crypto.

[1] Crypto benchmarks: http://www.cryptopp.com/benchmarks.html