All tests run on an 8-year-old MacBook Air. When you encrypt a PDF with a password, that password needs to become a 32-byte key. How you do that conversion matters more than most people realize. The problem with bcrypt bcrypt is fine for password hashing. It's not designed for key derivation. Output is fixed at 60 characters β not suitable as a raw encryption key Memory usage is low, making GPU-based brute force cheap No built-in support for generating arbitrary-length keys PBKDF2 is better but still memory-light. A GPU farm can run billions of iterations per second against it. Why Argon2id Argon2id won the Password Hashing Competition in 2015. It's memory-hard by design. Memory-hard means: to brute force it, you need not just compute but RAM. A GPU with thousands of cores but limited memory per core is suddenly much less useful.β¦
