My application is using the md5 approach that you mention but it seems too basic and simple for hackers. md5 isnt the hardest this to crack in the world. So I had a look at what some of the other frameworks do. I noticed symfony sfguard plugin must use an algorithm and either sha1 or md5 to make it a little harder for the hacker or prying eyes to view.
That's when i had a look at CSecurityManager and thought maybe Yii offers something similar.
I thought a good approach was to generate a key (save to database) and use this to hash password. Then we you login a user you would do the same approach as mentioned above but call for the generated key to make sure the passwords match.
its early in the morning for me so I hope that all made sense
Usually you would use some random "salt" prepended to the password before hashing. Your hash will also have that salt prepended (its needed to hash a user submitted password for comparison) Have a look at the crypt function in PHP. The problem is that crypt could use different hashing algorithms depending on the algorithms available on the platform. So you could use my crypt function: