I'm admittedly not familiar with the details of the hashing process, but it could be done client-side, no? Then the compute power required falls on the user, PLUS the 20 megs never gets sent over the wire.
Hiding the technique to compute the hash is relying on security by obscurity. Ideally you want a system that is secure even if potential attackers know what methods you're using.
It doesn't add to the security, but I might find it easier to remember 20 MB of redundant and meaningful stuff than to remember 384 bits of literally random stuff. The entropy might be the same, but my memory is not a computer. I can remember vast amounts of material that is meaningful and use it as a password. I can't remember 384 bits that have no meaning.
The benefit isn't in the entropy, it's in the abilities of your users to remember their passwords/passphrases in the first place.
That's not the point - the difference between 2 KB and 20 MB is purely a detail. You said:
> If you're not sending 20 megs of data,
> you're not getting 20 megs of security.
> So why allow it if it doesn't add anything?
You could just as equally say:
> If you're not sending 2 KB of data,
> you're not getting 2 KB of security.
> So why allow it if it doesn't add anything?
Your point is the same, and it's still wrong. What you're getting is not the security - that's only half the story. My point is that is does add something, it's just that the something it adds isn't the entropy for the purpose of security.