I think you can turn it off by modifying the file jboss-portal.sar/conf/login-config.xml : remove the line
<module-option name="hashAlgorithm">MD5</module-option> <module-option name="hashEncoding">HEX</module-option>