Late 1970s - Unix: "The Threat of the DES Chip" "Chips to perform the DES encryption are already commercially available and they are very fast." In crypt(3), "one of the internal tables of the DES algorithm [...] is changed in a way that depends on the 12-bit random number. The E-table is inseparably wired into the DES chip, so that the commercial chip cannot be used." Except for hashes on which the 12-bit salt happens to be zero Food for thought: what if DES chips were installed into some computers running Unix, and instead of the E-table hack crypt(3) allowed for much higher iteration counts on those machines? (Indeed, salts would be implemented differently.)