Surely this is just another rehash of the same old debate that appears
here every now and then - the conclusion will always be that stored
passwords are inherently vulnerable. They can be obfuscated as much
as you like, but it only needs one successful piece of R&D to render
the whole obfuscation scheme useless for everybody.
See
http://marc.theaimsgroup.com/?t=92420089800002&r=1&w=2
http://marc.theaimsgroup.com/?t=94570694700003&r=1&w=2
for a couple of useful Bugtraq debates on this topic.
[both in 1999 ... was that _really_ the last time this came up ?]