KDFs unfriendly to hardware we do not have

This is controversial
Concept pioneered in DES-based crypt(3) being unfriendly to existing DES chips
If our authentication server only has CPUs and RAM, then the KDF being GPU-unfriendly is a plus
However, future server CPUs might have embedded GPUs or similar (e.g., Intel MIC)
If we have an FPGA or ASIC in the server, being CPU-unfriendly is a plus
e.g., this may slow down attacks with a botnet, where victims' computers will generally not have specialized hardware
Multiple blocks friendly to different hardware components that we have
However, complexity is the enemy of security and reliability
Configurable unfriendliness (set of blocks to use and their weights)