Is there any particular reason why SB does not enable md5 passwords on debian servers during installation?

Because we forgot? :D

This will be fixed immediately.

heh. better late than never :)

While looking into this we found that there is a bug in Debian Woody that prevents the passwd package from being configured in the way one would expect. It has been fixed on the installers and you can run the following commands to fix your server (the Debian way):

# dpkg-reconfigure -f noninteractive passwd
# echo "set passwd/md5 true" | debconf-communicate
# echo "set passwd/shadow true" | debconf-communicate
# dpkg-reconfigure -f noninteractive passwd

You can also manually edit the files in /etc/pam.d and add "md5" to the end of lines that begin with "password required pam_unix.so".

-knightfoo

Probably also worth noting that after you enable md5 passwords on the box, each user account password needs to be reset in order to be stored as an md5 password in /etc/shadow.