None of the attacks on MD5 so far are relevant for one-way hashes of passwords, though moving to SHA-256 may not be a bad idea anyways.