Schneier on Security: SHA-1 Broken

Bruce Schneier's blog reports that SHA-1 has been broken. Schneier sites a Chinese team's informally circulating paper describing work that builds on past work against SHA-0 and SHA-1. MD5 is on pretty shaky ground. So what digest function should we all be using to secure our passwords?