I'd probably create a new MembershipProvider that inherits from SQLMembershipProvider. Then you could just override any methods that take passwordanswer as a parameter and hash it's value. And while you're at it, you could modify it to not require
the passwordAnswer to reset a user's password.
Alternatively, instead of creating a custom membership provider, you could update the stored procedures on aspnetdb to do the hashing there.