Is there any official documentation with this information?
The Algorithm used to encrypt the Password field when the PasswordFormat = Hashed. It's SHA1. You can see the details of the implementation in the EncryptionService source.
If that's the case, I'm guessing that 3.80 or the next version will use SHA256 because everybody, everywhere is dropping support for SHA1...just too hackable.
SHA-1 is no longer considered secure against well-funded opponents. In 2005, cryptanalysts found attacks on SHA-1 suggesting that the algorithm might not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Microsoft, Google and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.
I have proposed a future solution for this issue here: https://www.nopcommerce.com/boards/t/43601/for-review-security-enhancements-for-nopcommerce-390.aspx