There has been proof of security vulnerabilities in the algorithm of SHA1, that could possibly lead to an attack. I would recommend using a variant of SHA2 (SHA 256 or SHA 512).
As far as how long it would take someone to crack a password stored in the varying hashes, it's difficult to say without knowing the processing power of the attacker, how long the passwords are, if they employ rainbow tables, how random the salts are, etc. However, if there is something wrong with the algorithm, it could possibly lead to a much easier way to find the hashed value or a different value that equates to the same hash (called a collision), as is the case of MD5.
(Source and more information: http://en.wikipedia.org/wiki/SHA-1)