They said: "personal computer", which could easily have 2x GPUs and 16+ cores. Heck, laptops nowadays can have a pretty good discrete GPU.
Using password grade hash with a =nonce= is absolutely no way to be accomplished per each request. The nonce would have to be the same for multiple uses - hence NOT a 'nonce'. The sharing of the said non-nonce would require a form a replicated Map (or IP-sticky processing with a local map). It's rather convoluted solution for absolutely no benefit as it's still not hard to brute force.
Storing it in such a way - slow hash + salt yields no benefits for debugging either, so I wonder why would you do so? Password hashes are useful for proving a match with an unknown plain text (while making it expensive to brute force) - so what would be the exact purpose of having non-nonce+IP?