Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2021/07/13 15:11:30 UTC

[GitHub] [couchdb] rnewson commented on issue #3665: Enable wider control of PBKDF2

rnewson commented on issue #3665:
URL: https://github.com/apache/couchdb/issues/3665#issuecomment-879173361


   You are correct that the iteration count is too low (the previous scheme is a single pass SHA1, which is as low as it goes).
   
   The blocker here, for increasing iterations or for switching to sha256 or bcrypt/scrypt/yescrypt, is that many tools use basic auth, rather than acquire a session cookie, so the desired auth time penalty of 0.5 - 1.0 sec renders the database unusable. There needs to be some more nuanced plan.


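The trade-off raised in the comment above, as an added example that is not part of the original comment and is not CouchDB code: with basic auth the server repeats the full PBKDF2 derivation on every request, while a session client pays it once at login and then presents a cookie that costs one HMAC to verify. The `AuthServer` class, the cookie layout, the signing key and the iteration count are all assumptions made for this demonstration.

```python
import base64, hashlib, hmac, os, time

SERVER_SECRET = os.urandom(32)  # hypothetical cookie-signing key for this demo

class AuthServer:
    def __init__(self, user, password, iterations):
        self.user, self.iterations, self.salt = user, iterations, os.urandom(16)
        self.stored = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, iterations)
        self.derivations = 0  # number of expensive PBKDF2 runs spent on authentication

    def _verify(self, user, password):
        self.derivations += 1
        derived = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, self.iterations)
        return hmac.compare_digest(derived, self.stored) and user == self.user

    def _sign(self, user, expiry):
        return hmac.new(SERVER_SECRET, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()

    def check_basic(self, header):
        # Basic auth: the password arrives with every request, so every request pays PBKDF2.
        user, _, password = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
        return self._verify(user, password)

    def login(self, user, password):
        # Session auth: PBKDF2 runs once, then a signed, expiring cookie is issued.
        if not self._verify(user, password):
            return None
        expiry = int(time.time()) + 600
        return f"{user}:{expiry}:{self._sign(user, expiry)}"

    def check_cookie(self, cookie):
        # Verifying the cookie is one HMAC, whatever the iteration count is.
        user, expiry, mac = cookie.rsplit(":", 2)
        return hmac.compare_digest(mac, self._sign(user, expiry)) and int(expiry) > time.time()

def run(requests, iterations):
    basic, session = (AuthServer("alice", "s3cret", iterations) for _ in range(2))
    header = "Basic " + base64.b64encode(b"alice:s3cret").decode()
    t0 = time.perf_counter()
    basic_ok = all(basic.check_basic(header) for _ in range(requests))
    t1 = time.perf_counter()
    cookie = session.login("alice", "s3cret")
    session_ok = all(session.check_cookie(cookie) for _ in range(requests))
    t2 = time.perf_counter()
    return {"basic_ok": basic_ok, "session_ok": session_ok,
            "basic_derivations": basic.derivations, "session_derivations": session.derivations,
            "basic_seconds": round(t1 - t0, 3), "session_seconds": round(t2 - t1, 3)}

if __name__ == "__main__":
    print(run(requests=20, iterations=200_000))  # constructed workload; iteration count is illustrative
```

Raising `iterations` scales `basic_seconds` linearly with the request count, while `session_seconds` stays close to the cost of a single login.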