I'm new to web programming and ASP.NET. I'm creating a site that allows a few management types to have access to business data via the web. So I don't need to store zillions of usernames and passwords. I want to store them with a web.config file, and I want to use either SHA1 or MD5 to encrypt the passwords. This is fairly sensitive data I'm protecting. How easy would it be for someone to hack my hashed passwords? If this isn't enough security then what should I do?