'algo' => 'sha512', 'cost' => '128000', 'length' => '64',
For the pbkdf2 parameters at the WMF. This will reduce the amount of work mediawiki does for password hashing by 40%, while increasing the amount of work an attacker has to do by 2.5x.
For our tarball, we should probably adjust the default params to,
'algo' => 'sha512', 'cost' => '40000', 'length' => '64',