[ufmace]

I think the important point is that Bitcoin mining hardware is much more specialized than that. The really crazy fast ASICs are hardwired to do SHA-256 hashes of Bitcoin block headers only and just increment the Bitcoin nonce before repeating. They can't be repurposed to crack password hashes.

[tubbyjr]

They may not be repurposable per se, but they are a great benchmark for what may be realistically achievable for cracking password hashes utilizing similar base algorithms.

[henns]

One thing to keep in mind: a lot of the die real estate in modern processors is spent on doing tasks other than calculating hashes (a lot of it is caches https://www.servethehome.com/amd-epyc-7000-series-architectu... ).

Someone using an FPGA or ASIC can dedicate almost all of the die to creating lots of SHA-256 units.

[ufmace]

AFAIK, the base algorithms here are custom-fabricated ASICs. If your adversary can custom-fab ASICs to break hashes in your PW manager password in PBKDF2-SHA256, no reason they couldn't make one in whatever harder algorithm you could come up with.

[Kuinox]

ASIC doesn't work well when a lot of RAM is required.