Mid 1990s: FreeBSD fixed iteration count FreeBSD MD5-based crypt(3) by Poul-Henning Kamp, 1994 Long passwords, 1000 iterations of MD5 (not configurable), up to 48-bit salt "On a 60 Mhz Pentium this takes 34 msec" (source code comment) A password cracking optimized reimplementation later ran 5 times faster (also on original Pentium) In late 1990s, adopted by most Linux distributions and Cisco IOS $1$longsalt$0QgNqdKo00f5to4mPrBB3. "How should a password algorithm be designed today? I'd use iterated, salted, locally-parameterized SHA or MD5 [...] I'd use an iteration count stored with the hashed password" Steven M. Bellovin, Bugtraq mailing list posting, 1995