[technomancy]

We did it on Clojars, the Clojure library source, without much trouble:

https://github.com/ato/clojars-web/compare/68872652fc427cc1....

We had a month or two grace period in which anyone logging in would have their password upgraded to bcrypt automatically, then wiped the SHA1s.

https://groups.google.com/forum/#!msg/clojure/Xg1I0rgt85s/Vf...