I deleted my reply (where I stated that the passwords were salted).

Apparently the database has a mix of hashing strategies. It started with unsalted MD5 and was improved over time. The format of the PHP crypt output allows you to distinguish between hash types.