I know arch tries to keep to upstream but their seems some discrepencies that you may or may not be aware of so thought I'd share. The crypt man page says glibc may not support blowfish (stronger than nists recommendation) and that seems true when used via the commandline (very short output). The arch wiki says you can use a library from AUR. There is also a sha512 arch wiki which says you should edit pamd.d/passwd from md5 to sha512 but the default seems to already be sha512, maybe it tries both as some distros default is now sha512 so no need anymore. It seems if you simply edit /etc/default/passwd to blowfish and reset your password, sha512 is used e.g. encrypted password beginning with $6 in /etc/shadow not $2 (blowfish) and logins work fine. I guess the /etc/default/passwd config file may be futurised or the config written before changing to SHA which was easier to implement and the wiki is out of date with the code?? -- Kc