
Actually, precisely for applications such as password hashing MD5 has not been broken. MD5 is broken only in collusion with the author of the original stream to be hashed. For passwords, that would mean an attacker who can pick the password and already has access to the system might be able to pick a password such that other passwords also grant access... who cares?

Of course, irrespective of hash function you need to worry about weak passwords, so you'd need to use salting and an expensive stretching function, or only permit auto-generated passwords. But that's really not a weakness in the hash function; it's to mitigate weaknesses in the concept of a user-chosen password.
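The salting and stretching mentioned in the comment above, as an added example that is not part of the original comment: each password gets a fresh random salt and is stretched with PBKDF2 from Python's standard library. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ALGO = "sha256"        # assumption: digest used inside PBKDF2-HMAC
ITERATIONS = 600_000   # assumption: work factor, tune to your own hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2$algo$iterations$salt_hex$dk_hex' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2${ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, algo, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(algo, password.encode("utf-8"), salt, int(iters))
    except (ValueError, TypeError):
        # Malformed record, unknown digest or invalid iteration count.
        return False
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the record is malformed or was stored with weaker parameters."""
    parts = record.split("$")
    try:
        return len(parts) != 5 or parts[1] != ALGO or int(parts[2]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    a = hash_password("correct horse")   # constructed sample password
    b = hash_password("correct horse")
    print(a != b, verify_password("correct horse", a), verify_password("wrong", a))
```

Because the salt and iteration count are stored in the record, the work factor can be raised later and old records upgraded at the next successful login.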


