@Sven Groot: Initially, I was thinking the salt would be small, like 64 bits, or 8 chars. Something like that wouldn't be too bad to unhash with a known password and a pile of GPUs. But if the 64bits of salt had cryptographic quality randomness or was just significantly larger, that would be more difficult.

Either way, I wouldn't want to roll my own crypto system. If security was important enough to warrant something compute intensive, like PBKDF2, then they should have the backend system strong enough to handle the authentication load.

-Josh