by thanksforfish 1761 days ago
How are folks using lightweight cloud resources approaching password hashing? The `10s of gigabytes of RAM` feels like an expensive requirement. Even lower memory, high iteration count sha256 seems expensive for something like AWS Lambda where you're paying by the millisecond.

From the UX perspective there's also the issue that adding a second of latency during login or registration could increase user drop-off.

How many sites really incur the higher costs and higher latency?

1 comments

You can offload some or all of the hashing to the client side. I heard this technique called "Server relief".
Can you? For memory-hardened algorithms you are assuming a lot of RAM from your users'/clients' devices.
Yes, it certainly depends on your use case and target clients.
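
The client-side offloading described in the comments above, as an added example that is not part of the original thread: the client runs the memory-hard step and the server applies one cheap hash before storing or comparing. The choice of scrypt and SHA-256, the cost parameters, and the `Server` class and its method names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed scrypt cost parameters (about 16 MiB); tune for the weakest client.
N, R, P = 2**14, 8, 1

def client_prehash(password: str, salt: bytes) -> bytes:
    """Client side: the expensive, memory-hard step."""
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)

class Server:
    """Hypothetical server: stores only salt and SHA-256(prehash) per user."""

    def __init__(self):
        self.users = {}                      # username -> (salt, verifier)
        self.fake_salt_key = os.urandom(32)  # keys the salts for unknown usernames

    def salt_for(self, username: str) -> bytes:
        """Salt the client needs before hashing; stable fake for unknown users."""
        if username in self.users:
            return self.users[username][0]
        return hmac.new(self.fake_salt_key, username.encode(), hashlib.sha256).digest()[:16]

    def register(self, username: str, salt: bytes, prehash: bytes) -> None:
        # One cheap hash, so a leaked database row cannot be replayed as a login.
        self.users[username] = (salt, hashlib.sha256(prehash).digest())

    def verify(self, username: str, prehash: bytes) -> bool:
        if username not in self.users:
            return False
        _, verifier = self.users[username]
        candidate = hashlib.sha256(prehash).digest()
        return hmac.compare_digest(candidate, verifier)

def demo() -> dict:
    server = Server()
    salt = os.urandom(16)
    server.register("alice", salt, client_prehash("correct horse", salt))  # constructed account
    login_salt = server.salt_for("alice")
    stored = server.users["alice"][1]
    return {
        "good": server.verify("alice", client_prehash("correct horse", login_salt)),
        "bad": server.verify("alice", client_prehash("wrong guess", login_salt)),
        "replay_of_db_row": server.verify("alice", stored),
    }

if __name__ == "__main__":
    print(demo())
```

The server's per-login cost is a single SHA-256, while an attacker holding the stored verifier still has to pay the scrypt cost for every password guess.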