Scared to disclose? It’s too weak.
Lobste.rs (and everything I’ve written that has user authentication in the past many years) uses bcrypt if anyone cares.
Only good sites will do this anyway.
Yes, but if the good sites all did post their storage scheme, then I would think twice about registering. As it is now, I have no way to be assured that my account with any given service is safe.
Maybe. I don’t think it’ll get enough traction to make this a useful heuristic.