KDFs in scripting languages (future phpass?) We're limited in our choice of cryptographic primitives, especially if portability to other scripting languages is desired MD5 is the most ubiquitous common denominator, but use of SHA-512 is more appropriate by other criteria Include parallelism so that we may eventually benefit from it e.g., when support for next generation phpass hashes gets embedded into PHP proper Feed moderately large amounts of data into the available cryptographic primitives so that we save on interpreter or VM overhead e.g., invoke PHP's SHA-512 implementation on strings that are several kilobytes long - enough to keep the call overhead to a minimum, yet still within L1 cache Sequential memory-hard functions may be practical