Tsukasa HAMANO wrote: > Hi, Howard > > At Wed, 05 Nov 2014 09:32:43 +0000, > Howard Chu wrote: >> >> Any particular reason you've decreased the iterations from 60000 to 10000? >> > > It was too slow when stretching 60000 on powerless server. > My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512. > RFC recommends more than 1000 iterations, it would be safe enough 10000 > iterations. > FYI: > http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256
OK. I've committed it without any changes, thanks for the patch. > It is desirable to be able to change the operator, but slapasswd does > not read slapd.conf so I was stuck. > I'm planning to change slappasswd that accept iteration count in the future. > Thank you. > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
