nickva commented on PR #4814: URL: https://github.com/apache/couchdb/pull/4814#issuecomment-1781372183
> I've made the cache a configurable option. For deployments that are confident they avoid basic auth they can disable it without negative consequences

Makes sense.

Also, good idea to go with https://github.com/esl/fast_pbkdf2/ for now. I made a PR for Erlang/OTP to fix the blocking issue https://github.com/erlang/otp/pull/7770; so far it seems to be in review and not sure what's blocking it. Hoping that would make it to maint and the next 24/25/26 patch releases.

One, perhaps minor or temporary, issue with fast_pbkdf2 is that it's not FIPS-140 validated. In other words, even if the hashing code may be copy-pasted from the OpenSSL library, it might not be accepted as "compliant". Not that we necessarily strive to be compliant with FIPS 140, but we do have the extra feature and mode for it, so we would then prevent users from using that feature if we go with native hashing primitives.
