yescrypt optional improvements from scrypt Time-memory trade-off (TMTO) resistance Reduces attacker's flexibility, and increases attacker's area-time cost by 2x to 4x Quicker attacker's ASIC area-time growth per defender's running time Running time tunable separately from memory usage and parallelism bcrypt-like GPU unfriendliness by including bcrypt-like rapid random reads, typically from defender CPU's L1 data cache Multiplication latency hardening (efficient on common x86 and ARM CPUs) (Integer) multiplication takes about as much time on common CPUs as it does in ASIC, limiting possible attack speedups (for same memory usage) even with much faster memory This differs from scrypt's Salsa20/8, which is optimally computed in a lot fewer clock cycles in ASIC than on CPU 32x32 to 64-bit: [I]MUL on x86[-64], [V]PMULUDQ with SSE2/AVX/AVX2; UMLAL [or VMLAL] on ARM [with NEON]