Currently by default, RabbitMQ only supports sha256 and sha512 for password hashing. These two hasing algorithms are considered having security risks nowadays. The pbkdf2 algorithm is considered more secure and is widely use. Maybe RabbitMQ should support it by default instead of letting users develop their own plugin, since erlang does not have implement pdkdf2 hashing, and many users who use RabbitMQ don't have the ability to implement it by their own.