Comment 7 for bug 1349252

Marcus Bointon (marcus-synchromedia) wrote :

For password hashing, bcrypt *is* better, by design. There's absolutely no ambiguity here; the consensus is fully in favour of bcrypt. Hashes like SHA512 are general purpose, designed to run really fast, whereas bcrypt is explicitly for secure hashing and is deliberately, tuneably slow. There are many articles on the subject; here are some (from *5 years ago*!):

http://codahale.com/how-to-safely-store-a-password/
http://blog.codinghorror.com/speed-hashing/

Frankly I'm shocked this is even being questioned. Without bcrypt in libc, all apps that rely on libc for hashing (I've just run into it with dovecot in 14.04) are not as secure as they should be. Hasn't this been flagged by the Ubuntu security team?