Speed of offline attacks (with salts)

Assumptions:
- Unique per-user salts
- Non-targeted attack
- Accounts are of equal value
- No password strength hint

It is tough to limit offline attack speed to 1000/s (by password stretching). Obviously, if we need to handle more than 1000 requests/s ourselves, an attacker with the same resources will also be able to try at least as many.

1 billion/s is a conservative GPU attack speed estimate for hashes without password stretching. In practice, multi-billion speeds are often achieved.
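
The following is an added example, not part of the original page: it calibrates a stretching cost on the defender's own hardware and shows what the two quoted rates mean for a salted, non-targeted sweep. PBKDF2-HMAC-SHA256 as the stretching function, the single-core measurement, and the candidate and account counts are assumptions chosen for illustration.

```python
import hashlib
import os
import time

# Rates quoted on the page (guesses per second).
STRETCHED_RATE = 1_000                # with password stretching
UNSTRETCHED_GPU_RATE = 1_000_000_000  # conservative GPU estimate, no stretching


def measure_hash_rate(iterations, samples=5):
    """PBKDF2-HMAC-SHA256 evaluations per second on one core of this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"constructed-%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)


def calibrate_iterations(target_rate, probe=20_000):
    """Iteration count that holds one core to roughly target_rate hashes/s."""
    # PBKDF2 cost is linear in the iteration count, so rate ~ 1/iterations.
    return max(1, round(probe * measure_hash_rate(probe) / target_rate))


def sweep_seconds(candidates, accounts, guess_rate, unique_salts=True):
    """Time to test every candidate password against every account.

    With unique per-user salts each candidate must be hashed once per account;
    with a shared salt one hash is compared against all stored hashes at once.
    """
    hashes_needed = candidates * (accounts if unique_salts else 1)
    return hashes_needed / guess_rate


if __name__ == "__main__":
    candidates, accounts = 10**9, 1_000  # constructed sample sizes
    print("iterations for ~%d/s on this core: %d"
          % (STRETCHED_RATE, calibrate_iterations(STRETCHED_RATE)))
    for label, rate in (("stretched", STRETCHED_RATE),
                        ("unstretched GPU", UNSTRETCHED_GPU_RATE)):
        days = sweep_seconds(candidates, accounts, rate) / 86_400
        print("%-16s %14.2f days" % (label, days))
```

The calibrated iteration count varies with the machine it runs on; the sweep times depend only on the rates and sizes passed in.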