Depending on your application, it may be better (more secure) to store the password in a way that it cannot be decrypted at all: Using a one-way hash function (such as MD5 or SHA1) you can still check if a given entry matches the correct password (because it will hash to the same "crypted" version), but since the hash-function cannot be reversed, you do not have to worry much about it being compromised at the storage level (*).

Of course, this also makes it impossible for the administrator to recover a forgotten user password. All he can do is reset it to a new one.

If that drawback (which can also be seen as a feature) is not a problem in your case, you should consider going with a hash function rather than a cypher. If you do want to implement a local keystore (such as what a browser uses for site passwords) then please go with one of the various Crypt::* suggestions.

Update: (*) While the hash value cannot really be decrypted, it is possible to brute-force crack it by trying all possible passwords for a match, which works quite well for poor (short/simple) passwords. This is why we have shadow password files these days (as opposed to storing the hashed password in /etc/passwd where everyone can take a shot at the guessing game).