Hi, Please merge the additional patch: https://www.osstech.co.jp/download/hamano/openldap-pbkdf2_nettle.patch
This patch include nettle support and fix a issue. https://github.com/hamano/openldap-pbkdf2/pull/4 https://github.com/hamano/openldap-pbkdf2/pull/3 Thank you. At Wed, 05 Nov 2014 11:57:33 +0000, Howard Chu wrote: > > Tsukasa HAMANO wrote: > > Hi, Howard > > > > At Wed, 05 Nov 2014 09:32:43 +0000, > > Howard Chu wrote: > >> > >> Any particular reason you've decreased the iterations from 60000 to 10000? > >> > > > > It was too slow when stretching 60000 on powerless server. > > My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512. > > RFC recommends more than 1000 iterations, it would be safe enough 10000 > > iterations. > > FYI: > > http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256 > > OK. I've committed it without any changes, thanks for the patch. > > > It is desirable to be able to change the operator, but slapasswd does > > not read slapd.conf so I was stuck. > > I'm planning to change slappasswd that accept iteration count in the future. > > Thank you. > > > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ -- Open Source Solution Technology Corporation HAMANO Tsukasa <[email protected]> fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
