The value that you should be sending in the email is the unencrypted version that is held in the session variable for the new password.
In the solution recipe here it shows the update server behavior making use of the new password session variable with sha1 formatting. The next steps show an update to the send password server behavior where the unencrypted new password session variable is selected.
What is the value that you are sending in the email that is coming up with the encrypted version of the password? Please post back with the pages in question in a zip archive so we can take a look.