[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7977) Supported PBKDF2-SHA256 and PBKDF2-SHA512

Hi, Howard

At Wed, 05 Nov 2014 09:32:43 +0000,
Howard Chu wrote:
> Any particular reason you've decreased the iterations from 60000 to 10000?

It was too slow when stretching 60000 on powerless server.
My tiny VM needed over 1sec if iterate 60000 by PBKDF2-SHA512.
RFC recommends more than 1000 iterations, it would be safe enough 10000 iterations.
FYI: http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256

It is desirable to be able to change the operator, but slapasswd does
not read slapd.conf so I was stuck.
I'm planning to change slappasswd that accept iteration count in the future.
Thank you.

Open Source Solution Technology Corporation
HAMANO Tsukasa <hamano@osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E  A5B9 16BE D101 6069 BE55