Description
SHA-1 is now proven to be breakable (although it would cost around 100k$ to rent the GPUs to create a collision), and finding a collision for MD5 is just a matter of seconds.
We should probably forbid the use of those 2 hashes when storing the password.