by jvehent 4336 days ago
It's what Django uses, and this site uses Django.

Django 1.3 or lower. Django uses PBKDF2 [1] since 1.4 (March 23, 2012) [2].

[1] https://docs.djangoproject.com/en/1.5/topics/auth/passwords/...

[2] https://docs.djangoproject.com/en/dev/releases/1.4/

MDN was on Django 1.2 for a while, albeit with monkeypatched password hashing (since Django at the time was still defaulting to SHA1, I believe). With the switch to Persona, it no longer matters -- for a new account -- what hasher is used, since Persona doesn't involve storing a password.
Not to mention it's always been easy to implement even when it wasn't bundled by default.

There is utterly no excuse for storing passwords with anything that's not PBKDF2, bcrypt, or scrypt starting in 2009.

Right, they switched over to Persona, which is far better. Unfortunately the old hashes were still left in the DB.
To be clear, the only old hashes were those from folks who haven't used Persona to log in.
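
The thread's point about old hashes staying in the database for accounts that never logged in again, as an added example (not code from Django, MDN or any commenter). It goes beyond the Persona case to the general rehash-on-login pattern, assumes the `algorithm$salt$hash` storage layout, and uses hypothetical function names with constructed sample accounts.

```python
import base64
import hashlib
import hmac
import os

# Assumed stored layout: "<algorithm>$..."; "!" marks an unusable password.
LEGACY = {"sha1", "md5", "crypt"}

def make_sha1(password, salt):
    """Legacy style: a single salted SHA-1 pass, hex encoded."""
    return "sha1$%s$%s" % (salt, hashlib.sha1((salt + password).encode()).hexdigest())

def make_pbkdf2(password, salt, iterations=10000):  # sample iteration count
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(raw).decode())

def classify(encoded):
    """Return 'unusable', 'legacy', 'strong' or 'unknown' for a stored value."""
    if not encoded or encoded.startswith("!"):
        return "unusable"
    algorithm = encoded.split("$", 1)[0]
    if algorithm in LEGACY:
        return "legacy"
    return "strong" if algorithm.startswith(("pbkdf2_", "bcrypt", "scrypt")) else "unknown"

def verify(password, encoded):
    parts = encoded.split("$")
    if parts[0] == "sha1" and len(parts) == 3:
        candidate = make_sha1(password, parts[1])
    elif parts[0] == "pbkdf2_sha256" and len(parts) == 4 and parts[1].isdigit():
        candidate = make_pbkdf2(password, parts[2], int(parts[1]))
    else:
        return False
    return hmac.compare_digest(candidate, encoded)  # constant-time comparison

def login(store, user, password):
    """Verify; on success replace a legacy hash with a PBKDF2 one."""
    encoded = store.get(user, "!")
    if not verify(password, encoded):
        return False
    if classify(encoded) == "legacy":
        store[user] = make_pbkdf2(password, os.urandom(8).hex())
    return True

def legacy_users(store):
    """Accounts whose weak hash is still sitting in the table."""
    return sorted(u for u, h in store.items() if classify(h) == "legacy")

# Constructed sample rows: two legacy accounts, one already on PBKDF2.
SAMPLE = {"alice": make_sha1("correct horse", "a1b2c"),
          "bob": make_sha1("tr0ub4dor", "z9y8x"),
          "carol": make_pbkdf2("hunter2", "s4ltv4lue")}
```

Running `legacy_users` after a migration shows which dormant accounts still carry a weak hash and need it purged or the password reset.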