I would use SHA2(256) at the minimum – however:

There is little or no point in simply hashing a password in a database due to rainbow table attacks. Equally, salted hashing is better, but if someone has access to your database, then the chances are that they have access to your code in which case they can probably disassemble a fixed salt. Equally, if you use a random salt, then you’re storing it inside the row anyway, so while it slows people down they can still attack it with a rainbow table.

A better solution is to use Password Stretching which uses a random salt as well as a random (high) number of iterations so that attempting a brute-force attack against each password takes significantly longer and therefore makes it physically harder to crack all the passwords.

I believe in .Net this can be achieved using PBKDF – but I’ve mislaid a link to it (somebody supplied it to me an answer to a question I asked a while ago). EDIT-Found the link for .Net: Rfc2898DeriveBytes Class.

On MD5

Whilst MD5 has indeed been shown to be ‘broken’ as mentioned by the other answers, the main reason why I wouldn’t use it – and why I’ve read that it’s inadvisable to use it – is because it’s actually very fast, thereby increasing the possibility of a crack within a given period of time.