Scott King

Arch Linux

Starting in alphabetical order, there's Arch. I found a reference to MD5 and SHA512 on the Arch wiki page for SHA password hashes.
The page goes on to say "If your current password was created with shadow version prior to 4.1.4.3-3 (2011-11-26) you are using MD5. To start using a SHA-512 hash you just need to change your password with passwd." There's also more about key strengthening with multiple rounds which is something I'd recommend reading. There's a good chance that up-to-date Arch systems are using SHA-512. If you run an Arch system and would like to check, run cat /etc/shadow as root and if any user's password starts with $1$ it's MD5, whereas $6$ will be SHA-512.

Debian Linux

With Debian, the Securing Debian Manual's section 4.11.1.1 - Password security in PAM, it states that since Debian Squeeze (6.0) SHA-512 is default. Seeing as the current stable is Stretch (9.0), you've probably got SHA-512 protecting your password(s). You can always run cat /etc/shadow as root and verify just like with Arch above!

Django

The Django docs has a page called Password management in Django and the How Django stores passwords section within states "By default, Django uses the PBKDF2 algorithm with a SHA256 hash".

Joomla

Joomla employs a far weaker hash as stated within the doc page How do you recover or reset your admin password? as it says MD5 with a salt is used. Had to dig a little deeper to find out how long the default salt actually is. Luckily, came across the release notes for Joomla 1.0.13 and within the Improved Password Storage System section it reads "Joomla! 1.0.13 now features salted hashes which will automatically pad a password string with 16 randomly generated characters". So this is actually far better than just MD5 by itself.

LUKS

The on disk-format LUKS standard (PDF) goes into detail with "LUKS uses SHA1 per default as the pseudorandom function (PRF) but any other hash function can be put in place by setting the hash-spec field." That hash-spec field is actually pretty important, seeing as certain distros change this. Debian and Ubuntu for example will set this default to SHA-256. You can verify what your distro is using by running cryptsetup luksDump /dev/your_luks_partition and checking for Hash spec.

Mac

Running the command sudo defaults read /var/db/dslocal/nodes/Default/users/USERNAME.plist ShadowHashData|tr -dc 0-9a-f|xxd -r -p|plutil -convert xml1 - -o - (replacing USERNAME with your username) will give a nice XML file. Within that file it reads SALTED-SHA512-PBKDF2 which is the strongest we've seen so far within this list! This question on StackOverflow helped answer this.

The RHEL 6 Security Guide's second chapter "Securing Your Network" has a section called 2.1.3. Password Security which states that the default is SHA512, as well as shadow passwords. SHA512 appears to be the standard in the Linux world.

Windows 10

The man behind Mimikatz Benjamin Delphy posted on Twitter in regards to the Anniversary Update (1607). Since this update, the MD4 hash used for passwords is encrypted with AES128. - This StackExchange post certainly helped with research!

WordPress