phpBB has been using the phpass implementation of a salted md5 for password hashes since the beginnings of phpBB 3.0. With the minimum requirement of PHP 5.3.3 for phpBB 3.1 we can and should however move to more secure hashing methods like bcrypt.

RFC topic: http://area51.phpbb.com/phpBB/viewtopic.php?f=108&t=33231