in reply to OT ~ Security: Why is a file outside the web root more secure than mySQL?

What my fellow monks have said so far is very instructive. You must pay attention to their views.

I will add that no matter how you choose to store your passwords, you should avoid using reversible crypto. That is, you should use schemes that make the recovery of the original password either impossible or very hard. This is the approach followed by the designers of Unix, long ago. They use a supposedly cryptographically strong hash function and a salt to protect the password.

Thanks to this approach, even knowing the algorithms used to protect the passwords and having access to the password database itself, obtaining the original passwords in clear text (i.e., for use in actual authentication) becomes a non-trivial problem involving brute force and possibly massive amounts of processing power.

If you use reversible crypto, a cracker with knowledge about the algorithm used to secure the passwords and with access to the password database can easily break into your system/application.

Take a look at Crypt::PasswdMD5, which allows you to protect passwords of any length, using the MD5 algorithm to hash them, making recovery with methods other than brute force infeasible.

Hope this helps.
