On Fri, Jun 2, 2017 at 1:09 AM, John A Meinel <[email protected]>
wrote:

> Note also that I do have a stake here, as this is what we do for Juju. It's
> perfectly fine to wait 1s for a user-initiated login to get a response. But
> when you have 1000 agents that are restarting at the same time because you
> bounced the controller machine, it takes a *long* time for them all to get
> reconnected if you're spinning CPU cycles in a 1M iterated SHA hash loop.
> And it seems far more efficient to get 1M more time spent in brute force
> attacks by adding 20 bits (~5 more hex digits) to the key.
>

Well, also worth noting is that since the derived key is based on a shared
secret, we can cache it in memory and we don't need to generate it again
for every response. So I think it won't cause a significant performance
impact here.

Regards,
Mike
-- 
Maas-devel mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/maas-devel
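
The caching idea from the reply above, as an added example that is not part of the original message or of the MAAS/Juju code. It assumes the "1M iterated SHA hash loop" is PBKDF2-HMAC-SHA256 and that responses are authenticated with HMAC; the names DerivedKeyCache and sign_response are hypothetical.

```python
import hashlib
import hmac
import threading

ITERATIONS = 1_000_000  # the "1M iterated" figure from the thread


class DerivedKeyCache:
    """Derive a key from a shared secret once, then serve it from memory."""

    def __init__(self, iterations=ITERATIONS):
        self.iterations = iterations
        self.derivations = 0  # how many times the slow KDF actually ran
        self._keys = {}
        self._lock = threading.Lock()

    def _slot(self, secret, salt):
        # Index by a digest so the raw secret is not kept as a dict key.
        return hashlib.sha256(len(salt).to_bytes(4, "big") + salt + secret).digest()

    def get(self, secret: bytes, salt: bytes) -> bytes:
        slot = self._slot(secret, salt)
        with self._lock:  # concurrent callers wait instead of re-deriving
            key = self._keys.get(slot)
            if key is None:
                # Slow path. Assumption: the KDF is PBKDF2-HMAC-SHA256.
                key = hashlib.pbkdf2_hmac("sha256", secret, salt, self.iterations)
                self._keys[slot] = key
                self.derivations += 1
            return key

    def forget(self, secret: bytes, salt: bytes) -> None:
        """Drop the cached key, e.g. when the shared secret is rotated."""
        with self._lock:
            self._keys.pop(self._slot(secret, salt), None)


def sign_response(cache, secret, salt, message: bytes) -> bytes:
    """Authenticate one response with the cached derived key (assumed HMAC use)."""
    return hmac.new(cache.get(secret, salt), message, hashlib.sha256).digest()


if __name__ == "__main__":
    cache = DerivedKeyCache()
    secret, salt = b"constructed-shared-secret", b"constructed-salt"
    for i in range(1000):  # 1000 responses, one derivation
        sign_response(cache, secret, salt, b"response %d" % i)
    print("KDF runs:", cache.derivations)
```

The cache only saves work when the same secret and salt recur; a process that sees each distinct secret for the first time after a restart still pays one full derivation per secret. The cached key is as sensitive as the secret itself for as long as it stays in memory.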
