diff -urp password_policy.orig/constraints/constraint_history.inc password_policy/constraints/constraint_history.inc
--- password_policy.orig/constraints/constraint_history.inc	2009-10-07 12:37:51.000000000 -0400
+++ password_policy/constraints/constraint_history.inc	2009-10-07 14:10:31.000000000 -0400
@@ -26,13 +26,19 @@ function password_policy_constraint_hist
  * Password validation.
  */
 function password_policy_constraint_history_validate($password, $constraint, $uid) {
-  return !in_array(md5($password), _password_policy_constraint_history_old_passwords($constraint, $uid));
+  return !in_array(_password_policy_hash_password($password), _password_policy_constraint_history_old_passwords($constraint, $uid));
 }
 
 /**
  * Javascript portion.
  */
 function password_policy_constraint_history_js($constraint, $uid) {
+  if (_password_policy_password_hash_phpass_enabled()) {
+    // no javascript if phpass is enabled
+    // constraint will still validate correctly on form submit
+    return '';
+  }
+
   drupal_add_js(drupal_get_path('module', 'password_policy') .'/constraints/scripts/webtoolkit.md5.js');
   $pass = _password_policy_constraint_history_old_passwords($constraint, $uid);
   $s = '';
diff -urp password_policy.orig/password_policy.install password_policy/password_policy.install
--- password_policy.orig/password_policy.install	2009-10-07 14:02:36.000000000 -0400
+++ password_policy/password_policy.install	2009-10-07 14:08:48.000000000 -0400
@@ -109,9 +109,9 @@ function password_policy_schema() {
           'not null' => TRUE,
         ),
         'pass' => array(
-          'description' => t("User's password (md5 hash)."),
+          'description' => t("User's password hash."),
           'type' => 'varchar',
-          'length' => 32,
+          'length' => 60,
           'not null' => TRUE,
         ),
         'created' => array(
@@ -156,3 +156,12 @@ function password_policy_schema() {
   );
 }
 
+/**
+ * Alter table password_policy_history to accommodate phpass hash
+ */
+function password_policy_update_6001() {
+  $ret = array();
+  $ret[] = update_sql("ALTER TABLE {password_policy_history} CHANGE pass pass varchar(60) NOT NULL");
+  return $ret;
+}
+
diff -urp password_policy.orig/password_policy.module password_policy/password_policy.module
--- password_policy.orig/password_policy.module	2009-10-07 13:06:14.000000000 -0400
+++ password_policy/password_policy.module	2009-10-07 13:49:31.000000000 -0400
@@ -702,7 +702,35 @@ function _password_policy_start($expirat
  *   Clear text password.
  */
 function _password_policy_store_password($uid, $pass) {
-  db_query("INSERT INTO {password_policy_history} (uid, pass, created) VALUES (%d, '%s', %d)", $uid, md5($pass), time());
+  $hash = _password_policy_hash_password($pass);
+  db_query("INSERT INTO {password_policy_history} (uid, pass, created) VALUES (%d, '%s', %d)", $uid, $hash, time());
+}
+
+/**
+ * Generate a password hash.
+ *  IF   phpass module is enabled, generates using phpass,
+ *  ELSE regular md5
+ *
+ * @param $pass
+ *   Clear text password.
+ */
+function _password_policy_hash_password($pass) {
+  if (_password_policy_password_hash_phpass_enabled()) {
+    return _password_policy_password_hash_phpass_hash($pass);
+  }
+
+  return md5($pass);
+}
+function _password_policy_password_hash_phpass_enabled() {
+  return module_exists('phpass') && variable_get('user_hash_method', 'phpass') == 'phpass';
+}
+function _password_policy_password_hash_phpass_hash($pass) {
+  // initialize phpass
+  require_once(drupal_get_path('module', 'phpass') .'/PasswordHash.php');
+  $phpass = new PasswordHash(variable_get('user_hash_strength', 8), variable_get('user_hash_portable', TRUE));
+
+  // get a new secure hash
+  return $phpass->HashPassword($pass);
 }
 
 /**