Re: salted duplicate check
If salted hash is used, the salt values for all existing passwords are necessarily stored in the authentication database along with the hashes. So the check for same password simply salts and hashes the candidate with each of them and checks if the resulting hash is already in the database.
So you have to read every row in the table and do some computation on it, before inserting your single new row? Nice DDOS opportunity.