Hi,
Please merge the additional patch: https://www.osstech.co.jp/download/hamano/openldap-pbkdf2_nettle.patch
This patch include nettle support and fix a issue. https://github.com/hamano/openldap-pbkdf2/pull/4 https://github.com/hamano/openldap-pbkdf2/pull/3
Thank you.
At Wed, 05 Nov 2014 11:57:33 +0000, Howard Chu wrote:
Tsukasa HAMANO wrote:
Hi, Howard
At Wed, 05 Nov 2014 09:32:43 +0000, Howard Chu wrote:
Any particular reason you've decreased the iterations from 60000 to 10000?
It was too slow when stretching 60000 on powerless server. My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512. RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations. FYI: http://security.stackexchange.com/questions/3959/recommended-of-iterations-w...
OK. I've committed it without any changes, thanks for the patch.
It is desirable to be able to change the operator, but slapasswd does not read slapd.conf so I was stuck. I'm planning to change slappasswd that accept iteration count in the future. Thank you.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/