couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jumbo jim <>
Subject Only 10 iterations of pbkdf2 ? Why so low?
Date Tue, 10 Feb 2015 04:50:51 GMT

I noticed when creating new users in 1.6.1, that only 10 iterations of
pbkdf2 is used.

I found the following link -

What "requests" (other than login), go through the pbkdf2 scheme?

I would imagine that replicators would not make use of session cookies, so
therefore pbkdf2 would be used here. However, I am quite happy for the
replicator user to have pbkdf2 iterations at 10 as this user contains a
(strong) password that I control.

I am more concerned with other users set at 10 iterations. Is pbkdf2 used
for read/writes even though session cookies are used?

What would the reasons be against using 10000 iterations?

Thank you.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message