Tsukasa HAMANO wrote:
At Wed, 05 Nov 2014 09:32:43 +0000,
Howard Chu wrote:
> Any particular reason you've decreased the iterations from 60000 to 10000?
It was too slow when stretching 60000 on powerless server.
My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512.
RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations.
OK. I've committed it without any changes, thanks for the patch.
It is desirable to be able to change the operator, but slapasswd
not read slapd.conf so I was stuck.
I'm planning to change slappasswd that accept iteration count in the future.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/