I expect the most common case to be that the password is used to unwrap decryption keys for the very root filesystem that contains the shadow file. In that case choosing a weak hash function does not help an attacker who wishes to decrypt the filesystem, and yet this docstring suggests otherwise. I'm not sure how to phrase it in a way that is both succinct and precise, sadly.

I believe you are talking of whole-disk-encryption. In that case, the decryption passphrase and login password are independent (and in general different, especially if there is more than one user).

ecryptfs & friends are generally used to encrypt user home directories, not /etc/shadow. For convenience the passphrase is encrypted using the login password of each user, so being able to brute force these is an issue.

What happens when I just change this setting on my system?

Would types.listOf types.str make more sense here?

@SuperSandro2000, passwords in /etc/shadow will then be hashed using the methodology you selected.

This affects the default for e.g. passwd.

I could easily find sources that recommend yescrypt over sha512 on the internet but none of those mentioned that you should use 10 rounds. I would leave that out of the recommendation for now.

The recommendation is specific to people protecting other on-disk secrets with the same password. For this usecase, the default number of rounds (5) isn't good enough. Here's one blog post that discusses this: https://medium.com/@slimm609/cost-based-password-hashing-b383bbb355df

The actual default on unstable right now.

And somewhat plausible alternatives:

https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L42-L47

Most everyone should migrate away from sha512crypt to a more recent KDF that includes additional hardness properties.