The elgg code is at engine/lib/users.php . My code to improve their code is right here. They always return md5, but instead I use the hash function and return sha512. I am sure they will say that isn't as secure as blowfish, but that is an area of...

I know Elgg is planning to upgrade the password encryption in a release sometime in the near future, but I can't release my site with md5. My site focuses on security and using md5 is  so insecure. I really do not want to release my site using...