Thanks Alexander. Can you confirm that pbkdf2 is only used for login and replication? Could there be other situations where this is used?
Quite happy to keep iteration level low for replication.

On Wed, Feb 11, 2015 at 8:44 AM, Alexander Shorin <[email protected]> wrote:

> The intention was to avoid performance degradation: you may set 10000 as
> the specification recommends, but this will significantly slow down
> the authentication process and especially replication, which currently
> cannot use cookies for auth. While 10 iterations is low, it's still
> better than salted sha1 which was used previously.
> --
> ,,,^..^,,,
>
>
> On Tue, Feb 10, 2015 at 7:50 AM, jumbo jim <[email protected]> wrote:
> > Hi,
> >
> > I noticed when creating new users in 1.6.1, that only 10 iterations of
> > pbkdf2 are used.
> >
> > I found the following link -
> >
> > https://issues.apache.org/jira/browse/COUCHDB-2066
> >
> > What "requests" (other than login), go through the pbkdf2 scheme?
> >
> > I would imagine that replicators would not make use of session cookies, so
> > therefore pbkdf2 would be used here. However, I am quite happy for the
> > replicator user to have pbkdf2 iterations at 10 as this user contains a
> > (strong) password that I control.
> >
> > I am more concerned with other users set at 10 iterations. Is pbkdf2 used
> > for read/writes even though session cookies are used?
> >
> > What would the reasons be against using 10000 iterations?
> >
> > Thank you.
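
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not CouchDB's own code: it times PBKDF2 password verification at 10 and 10000 iterations and compares a client that sends its password on every request with one that logs in once and then uses a session cookie. The PBKDF2-HMAC-SHA1 parameters, the record field names, the 1000-request workload and the assumption that a cookie check involves no PBKDF2 are all assumptions made for the illustration.

```python
import hashlib
import hmac
import time


def derive(password: str, salt: str, iterations: int) -> str:
    # PBKDF2-HMAC-SHA1 with a 20-byte key, hex-encoded (assumed storage layout).
    raw = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), iterations, 20)
    return raw.hex()


def make_user_doc(name: str, password: str, salt: str, iterations: int) -> dict:
    # Constructed stand-in for a stored user record; field names are assumptions.
    return {"name": name, "password_scheme": "pbkdf2", "salt": salt,
            "iterations": iterations, "derived_key": derive(password, salt, iterations)}


def verify(doc: dict, password: str) -> bool:
    # Re-derive with the record's own salt and iteration count, compare in constant time.
    candidate = derive(password, doc["salt"], doc["iterations"])
    return hmac.compare_digest(candidate, doc["derived_key"])


def seconds_per_verify(iterations: int, rounds: int = 20) -> float:
    # Average wall-clock cost of one verification at the given iteration count.
    doc = make_user_doc("constructed-user", "constructed-password", "constructedsalt", iterations)
    start = time.perf_counter()
    for _ in range(rounds):
        verify(doc, "constructed-password")
    return (time.perf_counter() - start) / rounds


def derivations_needed(requests: int, uses_cookie: bool) -> int:
    # Model assumption: password auth on every request re-derives each time;
    # a session cookie derives once at login and is then checked without PBKDF2.
    return 1 if uses_cookie else requests


if __name__ == "__main__":
    requests = 1000  # constructed workload, e.g. one replication run
    for iterations in (10, 10000):
        per = seconds_per_verify(iterations)
        for label, cookie in (("per-request password auth", False), ("session cookie", True)):
            total = per * derivations_needed(requests, cookie)
            print(f"{iterations:>6} iterations, {label:<26}: {total:.4f}s CPU for {requests} requests")
```

Under this model the iteration count multiplies the cost of every request that carries a password, while a cookie-based client pays it once per login.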
