User Details
- User Since
- Jan 1 2014, 2:00 AM (567 w, 4 d)
- Availability
- Available
Aug 4 2014
Fair enough; I appreciate the context.
Curses. Could you elaborate a bit? We're running Phabricator in a container that has read-only access to a gitolite hosting folder. I'd be open to changing how we handle our hosting (probably arrange for the container to have network access to gitolite, which it doesn't currently), but I'm curious what the security flaw entails.
Aug 2 2014
Feb 18 2014
Thanks @epriestley.
Regarding scrypt, I'll let you know if a desire for additional tinfoil becomes unbearable :)
This approach seems reasonable. I support transparent upgrades on login, which makes a lot more sense than my idea, and using a hash-type prefix. During the database upgrade, it might be convenient to update md5 hashes to a similar md5:... prefix, to simplify the hash-type check (if substring worked, then match on type, else fail).
The classical guide with solid info: http://codahale.com/how-to-safely-store-a-password
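
An added sketch of the scheme discussed in the Feb 18 comments above (type-prefixed hashes, legacy rows migrated to an md5:... prefix, transparent upgrade on login); it is not Phabricator's code. The storage layout, unsalted MD5 for legacy rows, PBKDF2 as a standard-library stand-in for the stronger hasher, and every name here are assumptions.

```python
import hashlib
import hmac
import os

PREFERRED = "pbkdf2"   # assumption: stand-in for whichever strong hasher is chosen
ITERATIONS = 600_000

def pbkdf2_hex(password, salt_hex, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               bytes.fromhex(salt_hex), int(iterations)).hex()

def legacy_md5(password):
    """Form a legacy row takes after the one-off migration adds the md5: prefix."""
    return "md5:" + hashlib.md5(password.encode()).hexdigest()

def make_hash(password):
    salt_hex = os.urandom(16).hex()
    return f"pbkdf2:{ITERATIONS}:{salt_hex}:{pbkdf2_hex(password, salt_hex, ITERATIONS)}"

def verify(stored, password):
    """Return (ok, hash_type). A missing or unknown prefix fails closed."""
    kind, sep, rest = stored.partition(":")
    if not sep:
        return False, None            # unmigrated row: no type prefix
    try:
        if kind == "md5":
            expected, actual = rest, legacy_md5(password)[4:]
        elif kind == "pbkdf2":
            iterations, salt_hex, expected = rest.split(":")
            actual = pbkdf2_hex(password, salt_hex, iterations)
        else:
            return False, kind        # type we do not recognise
    except (ValueError, OverflowError):
        return False, kind            # malformed record
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), actual.encode()), kind

def login(db, user, password):
    """db is a constructed in-memory stand-in for the password table."""
    stored = db.get(user)
    if stored is None:
        return False
    ok, kind = verify(stored, password)
    if ok and kind != PREFERRED:
        # Transparent upgrade: the plaintext is only available at this moment.
        db[user] = make_hash(password)
    return ok
```

A failed login never rewrites the stored value, so only a user who proves knowledge of the password triggers the upgrade.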