Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512
Tsukasa HAMANO wrote:
Hi, Howard
At Wed, 05 Nov 2014 09:32:43 +0000,
Howard Chu wrote:
>
> Any particular reason you've decreased the iterations from 60000 to 10000?
>
It was too slow when stretching 60000 on powerless server.
My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512.
RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations.
FYI:
http://security.stackexchange.com/questions/3959/recommended-of-iteration...
OK. I've committed it without any changes, thanks for the patch.
It is desirable to be able to change the operator, but slapasswd
does
not read slapd.conf so I was stuck.
I'm planning to change slappasswd that accept iteration count in the future.
Thank you.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/