These numbers are for 32 iterations ("$2a$05"):

			OpenBSD 3.0 bcrypt(*)	crypt_blowfish 0.4.4
Pentium III, 840 MHz	99 c/s			121 c/s (+22%)
Alpha 21164PC, 533 MHz	55.5 c/s		76.9 c/s (+38%)
UltraSparc IIi, 400 MHz	49.9 c/s		52.5 c/s (+5%)
Pentium, 120 MHz	8.8 c/s			20.1 c/s (+128%)
PA-RISC 7100LC, 80 MHz	8.5 c/s			16.3 c/s (+92%)

(*) built with -fomit-frame-pointer -funroll-loops, which I don't
think happens for libcrypt.

Starting with version 1.1 released in June 2011, default builds of
crypt_blowfish invoke a quick self-test on every hash computation.
This has roughly a 4.8% performance impact at "$2a$05", but only a 0.6%
impact at a more typical setting of "$2a$08".

The large speedup for the original Pentium is due to the assembly
code and the weird optimizations this processor requires.

The numbers for password cracking are 2 to 10% higher than those for
crypt_blowfish as certain things may be done out of the loop and the
code doesn't need to be reentrant.

Recent versions of John the Ripper (1.6.25-dev and newer) achieve an
additional 15% speedup on the Pentium Pro family of processors (which
includes Pentium III) with a separate version of the assembly code and
run-time CPU detection.

$Owl: Owl/packages/glibc/crypt_blowfish/PERFORMANCE,v 1.6 2011/06/21 12:09:20 solar Exp $