Pantek Library

SHA-1 vs. triple-DES for password encryption?

From: Craig Minton <CraigSecurity(at)blazemail.com>
Date: Tue Nov 05 2002 - 16:01:28 EST


We are considering changing our password storage from a home-grown algorithm to a standard. We are mainframe based and only have triple-DES and SHA-1 algorithms available. However, we have many questions about the best way to proceed. We are leaning towards using SHA-1 for a few reasons. The password being "encrypted" using SHA-1 never needs to be retrieved, just verified. Indeed, the password should not be retrievable. By not using triple-DES there is no need to secure a key used to encrypt them. Also, with triple-DES, if someone were to obtain the key, by whatever means, retrieving all of the passwords would be trivial. The downside to SHA-1 is that we would have to increase our storage requirements for the encrypted portion from 8 bytes to 20 bytes.

Is there anything inherently wrong with using SHA-1 to hash passwords for verification?  

Is there a benefit to using triple-DES instead?

Is SHA-1 any more susceptible to attack, brute-force or cryptanalytic, than triple-DES? My 2nd edition copy of Applied Cryptography states that there is no known cryptanalytic attack for SHA-1, but that book is now several years old.

It was suggested to use SHA-1 and then remove all of the bytes from the hash except for 8 bytes (truncated from the beginning, end, or somewhere in between) and store this, thus not increasing storage requirements. Would this compromise the algorithm? How much would it increase the chance that two passwords then had the same truncated hash?

I look forward to any insights you can provide and will be glad to answer additional questions where possible.

Craig



Received on Fri Nov 8 20:23:54 2002
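The storage and verification scheme Craig describes, worked through as an added example by the editor (this is not code from the post or from any mainframe product; it uses Python's standard-library hashlib, not the mainframe SHA-1 service Craig has). It shows the 20-byte SHA-1 record, the 8-byte truncated variant with the window position as a parameter, constant-time verification, and the birthday bound that answers the "how much more likely is a collision" question. The sample passwords are constructed. The salted variant at the end goes beyond what the post asks: an unsalted hash of a short password, whatever the algorithm, can be attacked with precomputed tables and reveals which accounts share a password, and that is the caveat a reviewer would add.

```python
import hashlib
import hmac
import math
import os

# Constructed sample records (not from the post): two users share a password.
SAMPLE_PASSWORDS = ["correct horse", "Tr0ub4dor&3", "correct horse"]


def sha1_digest(password: str) -> bytes:
    """The full 20-byte SHA-1 the post proposes to store instead of a 3DES ciphertext."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def truncated_digest(password: str, keep: int = 8, offset: int = 0) -> bytes:
    """The 8-byte variant: keep `keep` bytes of the SHA-1 starting at `offset`.

    offset=0 truncates from the beginning, offset=12 keeps the tail. Every window
    of a good hash is equally unpredictable, so the position only changes which
    64 bits the record depends on, not how many.
    """
    digest = sha1_digest(password)
    if offset < 0 or keep <= 0 or offset + keep > len(digest):
        raise ValueError("window does not fit in a 20-byte SHA-1 digest")
    return digest[offset:offset + keep]


def verify(stored: bytes, candidate: str, keep=None, offset: int = 0) -> bool:
    """Recompute the (possibly truncated) digest and compare in constant time,
    so timing does not leak how many leading bytes matched."""
    digest = sha1_digest(candidate)
    if keep is not None:
        digest = digest[offset:offset + keep]
    return hmac.compare_digest(stored, digest)


def collision_probability(n_values: int, bits: int) -> float:
    """Birthday bound: chance that among n uniformly random `bits`-bit values at
    least one pair coincides, 1 - exp(-n(n-1) / 2^(bits+1)).

    This is the post's "how much would truncation raise the chance that two
    passwords share a stored hash": compare bits=64 with bits=160.
    """
    return 1.0 - math.exp(-n_values * (n_values - 1) / 2.0 ** (bits + 1))


def duplicates_visible(passwords) -> bool:
    """Without a salt, equal passwords produce equal stored values, so anyone who
    reads the table sees which accounts share a password and need only crack it once."""
    digests = [sha1_digest(p) for p in passwords]
    return len(set(digests)) < len(digests)


def salted_sha1(password: str, salt: bytes = None) -> tuple:
    """Editor's addition beyond the post's question: a per-user random salt,
    stored next to the hash, makes equal passwords hash differently and
    defeats precomputed tables. Record size here is 8 + 20 = 28 bytes."""
    if salt is None:
        salt = os.urandom(8)
    return salt, hashlib.sha1(salt + password.encode("utf-8")).digest()


def verify_salted(salt: bytes, stored: bytes, candidate: str) -> bool:
    """Verify against a salted record, again in constant time."""
    return hmac.compare_digest(stored, salted_sha1(candidate, salt)[1])


if __name__ == "__main__":
    full = sha1_digest(SAMPLE_PASSWORDS[0])
    short = truncated_digest(SAMPLE_PASSWORDS[0], keep=8, offset=0)
    print("20-byte record:", full.hex())
    print(" 8-byte record:", short.hex(), "verifies:", verify(short, SAMPLE_PASSWORDS[0], keep=8))
    for n in (10**4, 10**6, 2**32):
        print(f"n={n:>11}: P(collision) 64-bit={collision_probability(n, 64):.3e}"
              f" 160-bit={collision_probability(n, 160):.3e}")
    print("duplicate passwords visible in unsalted table:", duplicates_visible(SAMPLE_PASSWORDS))
    salt, h = salted_sha1(SAMPLE_PASSWORDS[0])
    print("salted verify:", verify_salted(salt, h, SAMPLE_PASSWORDS[0]))
```

For a table of a million accounts the 64-bit truncation gives a pairwise collision probability on the order of 1e-8, so the storage question is not really about accidental collisions; the practical cost of truncation is that an attacker needs only to match 64 bits rather than 160, and the practical cost of either scheme without a salt is that the whole table can be attacked with one precomputation.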

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:43 EDT
