[3pt14159]

In my opinion it is not. Here is the common use case for people: 66% of them use 8 character or less passwords. Forget about the common longer passwords like "letmeinplz" just doing a brute force would give them 66%. In terms of loss, even 1% of passwords being compromised is bad since many people use the same password for multiple things.

Now, how long would it take for people to take down bcrypt? in the scale of time bcrypt is all the way over there -> from SHA1 and cleartext. Bcrypt will protect you even as computers get faster. SHA1 a couple decades from now will be be compromised for 9 or maybe even 10 characters. No way with bcrypt.

[dekz]

Your second point makes no sense, bcrypt factors are manually increased and require a new write for every item in the store. If we time capsule the SHA1 hashed db of passwords and the Bcrypt db for 10 years you cannot prove that the SHA1 database will be more easily compromised than the Bcrypt database. There may be a cryptographic break in blowfish in the time.

They don't mention a work factor for their SHA1 hash storage, they could be using PBKDF2 for all we know.

If you're looking for something to pick on about Linode here, go after something else, this isn't the worst thing to come out today.