menhir.contenttype.user.user.py still uses SHA1, we should use SSHA.
Bug watches keep track of this bug in other bug trackers.