When one creates an internal directory (including in the setup wizard), one of the options is the "password encryption" type:

As you can see, we default to "atlassian-sha1", and the note below virtually insists on it (who would install Crowd if they didn't want "compatibility between Atlassian products"?).

This is terrible, because we're effectively locking user passwords into a proprietary format. In particular, LDAP directories don't support 'atlassian-sha1', which means users of the internal directory cannot migrate to a proper LDAP implementation, without losing their passwords.