Rowan Thorpe via Coquelicot:
..[snip].. either way. Regarding algo, the go-to scheme I am using for various things at the moment is bcrypting server-side (with crypto-grade random salt and tuning the rounds for the server) for the obvious reasons, and for web-interface code doing bcrypt of the password client-side in JavaScript where possible too - so the server will only be hashing the received hash-with-salt, and the client can know they are not even trusting the server with their password. Considering the philosophical basis of Coquelicot that seems a particularly relevant approach...
The threat model of Coquelicot assumes that if the server is compromised, it can send the JavaScript code it wants. To follow its current model where the file is encrypted upon reception by the server, I think it's fine to go for the easy way for the upload password as well.
I'm working on a new release. I've used the bcrypt gem for the userpass authentication mechanism in the end.