Local parameter

Must contain sufficient entropy
way beyond a typical password or even passphrase
Hashes are not crackable offline without knowledge of the local parameter
However, if the local parameter is stored right on the authentication server or in the password database, then it is likely to be stolen/leaked along with hashes
Problem: migration of hashes between systems
Solution: embed a "local parameter ID" in the hash encodings, support multiple local parameters at once