Please read for an updated status on RailsCasts:
Learn more or hide this
GitHub User: pjg
Although there is some benefit in using bcrypt vs the traditional sha1 (actually the only one I can see is a much more cpu power required to generate each hash/password), I would still stick to sha1 when rolling out my own authentication solution. At least that's what I did in my simply_authenticate Rails plugin:
(btw. there is some utf8 related problem with getting my username from github).