Hi, i've just noticed, that stored passwords are only secured with the unsafer MD5/Salt/Rounds configuration on a Ubuntu system. The entry in the database is $P$ByIsE1Zz59c5Ca0hztHuTOQLVQUMVS1. $P$ stands for the internal MD5-implementation auf phpass.
Regarding to the the doc phpass should use MD5 only as a fallback and use bcrypt at first. (yes, bcrypt-support is installed on my system)
Is there an reason why WordPress uses the unsafer method?