Hash DoS

remember, kids: any service responsible enough to hash passwords with a lengthy and expensive to calculate crypto function is also a service you can probably bring down by finding a way to trigger that crypto function’s execution tens of thousands of times in a row