[ https://issues.apache.org/jira/browse/COUCHDB-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902740#comment-13902740 ]
Robert Newson commented on COUCHDB-2066:
----------------------------------------
[~kxepal] the 10 iterations is a short-term compromise (though any site can
raise it as they see fit). This is because performance would plunge
unacceptably far if every request went through this scheme. Even the couchdb
replicator fails to negotiate and maintain a session cookie at this time. 10
iterations is stronger than 1, but I agree that it falls short of good enough.
If the replicator uses session cookies, then I think we can and should raise
this to 1000 or higher.
> Don't allow stupid storage of passwords
> ---------------------------------------
>
> Key: COUCHDB-2066
> URL: https://issues.apache.org/jira/browse/COUCHDB-2066
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Reporter: Isaac Z. Schlueter
>
> If a password_sha/salt combination is PUT into the _users db, wrap that up in
> PBKDF2.
> Discussion:
> https://twitter.com/janl/status/434818855626502144
> https://twitter.com/izs/status/434835388213899264
> https://twitter.com/janl/status/434835614790586368
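The wrapping the issue asks for, and the later raise of the iteration count discussed in the comment, sketched as an added example (not CouchDB's code and not from the thread). It assumes the legacy value is hex(SHA-1(password || salt)) and uses PBKDF2-HMAC-SHA1 with a 20-byte key; the record field names and the scheme label are hypothetical.

```python
import hashlib
import hmac


def legacy_sha(password: str, salt: str) -> str:
    # Assumption: legacy password_sha is hex(SHA-1(password || salt)).
    return hashlib.sha1((password + salt).encode()).hexdigest()


def _derive(password_sha: str, salt: str, iterations: int) -> str:
    dk = hashlib.pbkdf2_hmac("sha1", password_sha.encode(), salt.encode(),
                             iterations, dklen=20)
    return dk.hex()


def wrap_legacy(password_sha: str, salt: str, iterations: int) -> dict:
    """Wrap a stored password_sha in PBKDF2; the plaintext is not needed."""
    # Hypothetical record layout, chosen for this example only.
    return {"scheme": "pbkdf2-over-sha", "salt": salt,
            "iterations": iterations,
            "derived_key": _derive(password_sha, salt, iterations)}


def verify(password: str, record: dict) -> bool:
    """Recompute the inner SHA-1, then PBKDF2, and compare in constant time."""
    inner = legacy_sha(password, record["salt"])
    candidate = _derive(inner, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["derived_key"])


def raise_iterations(password: str, record: dict, new_iterations: int) -> dict:
    """At a successful login, re-derive the key at a higher iteration count."""
    if not verify(password, record):
        raise ValueError("password does not match record")
    if record["iterations"] >= new_iterations:
        return record
    inner = legacy_sha(password, record["salt"])
    return wrap_legacy(inner, record["salt"], new_iterations)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real _users document.
    salt, password = "a1b2c3d4", "correct horse"
    rec = wrap_legacy(legacy_sha(password, salt), salt, 10)
    print(rec, verify(password, rec))
    print(raise_iterations(password, rec, 1000))
```

Raising the count needs the inner hash, so it can only happen when the user presents the password; records for users who never log in stay at the old count.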