Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512

5 Nov 2014


      Tsukasa HAMANO wrote:
...
Hi, Howard
At Wed, 05 Nov 2014 09:32:43 +0000,
Howard Chu wrote:
...
Any particular reason you've decreased the iterations from 60000 to 10000?
It was too slow when stretching 60000 on powerless server.
My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512.
RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations.
FYI: http://security.stackexchange.com/questions/3959/recommended-of-iterations-w...
OK. I've committed it without any changes, thanks for the patch.
...
It is desirable to be able to change the operator, but slapasswd does
not read slapd.conf so I was stuck.
I'm planning to change slappasswd that accept iteration count in the future.
Thank you.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512