A multitude of password hashing options is a dependency hell (you have to keep supporting all of them in all future releases).
Choose one of those (choose PHP's built-in password mechanism and perhaps crank up the PHP requirement to the PHP version that provides it) and then stick with that one. You can have a cost option for that one algorithm then (or rather not, as a high cost is a welcome DoS target and the default should be good enough).
Upgrading old hashes would already be enough of a dependency in and of itself (already takes three tries to verify instead of one) but worth it as it gives the new hash benefits to all users, even inactive ones... there's also a plugin that does it, but in MyBB core you can do the same w/o changing database layout and just a few lines of code.
Quote: In addition to the above improvements I suggest that the following database tables should be encrypted by default:
Encrypt how and whatever for? First of all, the server has to be able to decrypt it anyway, so it won't stop malicious admins. Second, how do you even query an encrypted database? Entering keywords to search PMs needs database queries to be possible; once encrypted, what do you do?
Maybe it's possible to encrypt database backups. But MyBB's backup task is already heavy on resources, even after optimizing it. It's also error-prone (like the issues with partially gzipped backups in the past). Also, I'm not sure if the average MyBB user would know how to decrypt these.
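
The hash upgrade described in the post above, as an added example that is not part of the original post and not MyBB's own code: old hashes are wrapped with `password_hash()` in place, and login tries the native hash, the wrapped legacy hash, then the raw legacy hash. The function names, the salted-MD5 shape of the legacy scheme and the sample values are assumptions, as is a password column wide enough to hold `password_hash()` output.

```php
<?php
// Assumption: the legacy scheme is a salted MD5 of this shape; substitute the real one.
function legacy_hash(string $password, string $salt): string
{
    return md5(md5($salt) . md5($password));
}

// Offline pass over every row, inactive users included: wrap the stored legacy
// hash so the database no longer holds a fast hash. Same column, no new fields.
function wrap_legacy(string $storedLegacyHash): string
{
    return password_hash($storedLegacyHash, PASSWORD_DEFAULT);
}

// Returns [bool $ok, ?string $replacement]; write $replacement back when not null.
function verify_and_upgrade(string $password, string $salt, string $stored): array
{
    // Try 1: native hash of the plain password (the end state for every account).
    if (password_verify($password, $stored)) {
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
        return [true, $new];
    }

    $legacy = legacy_hash($password, $salt);

    // Try 2: wrapped legacy hash. Try 3: raw legacy hash not yet wrapped.
    // hash_equals() keeps the plain comparison constant-time.
    if (password_verify($legacy, $stored) || hash_equals($stored, $legacy)) {
        // The plain password is available now, so drop the legacy layer entirely.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    return [false, null];
}

// Constructed sample data: one user row that went through the offline wrap.
$salt   = 'aB3dE6gH';
$stored = wrap_legacy(legacy_hash('correct horse', $salt));

[$ok, $replacement] = verify_and_upgrade('correct horse', $salt, $stored);
var_dump($ok, $replacement !== null);               // login succeeds, row gets a native hash

[$okAfter, $again] = verify_and_upgrade('correct horse', $salt, $replacement);
var_dump($okAfter, $again);                          // succeeds on try 1, nothing to rewrite

[$bad] = verify_and_upgrade('wrong guess', $salt, $stored);
var_dump($bad);                                      // rejected after all three tries
```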