My take on this is that encryption is NOT the way to go. This would mean that there exists a key that could decrypt the entire password file. On this count triple DES is no better than regular DES. From my understanding the MD5 would work well. It is non-reversible. In the current scheme, DES is used as a one-way function; the password file is non-invertible. See the Morris and Thompson paper.