login password denial of service
If a password hash uses an obscene amount of blowfish rounds, that can be used to denial of service the login screen by making it take years to compute a hash. If the password check takes too long, offer the user to cancel it, for instance by pressing ^C.