We could check if JS is available, and if it is we could run this on the client side
before submitting the login form?
----- Original Message -----
From: "Bruno Oliveira" <bruno(a)abstractj.org>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 3 June, 2014 11:10:23 AM
Subject: Re: [keycloak-dev] profile results
Good morning Bill, NIST recommends 1000 as the minimum
(http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf).
Look for "A minimum iteration count of 1,000 is recommended".
So I think we can find the middle term, for example LastPass uses 5000
(https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/).
On 2014-06-02, Bill Burke wrote:
> https://issues.jboss.org/browse/KEYCLOAK-508
>
> I'm wondering if we should have this default value low or high?
>
> On 6/2/2014 5:03 PM, Bill Burke wrote:
> > I ran 10 threads each running 100 threads. I get a rate of about 31ms
> > per loginpage/processLogin/accessCode2Token flow.
> >
> > According to JProfiler, 65% of time is spent in the password hashing
> > algorithm. I guess this is not surprising because this password hashing
> > algorithm is *supposed* to eat up CPU, right?
> >
> > BTW, running 20 threads concurrently I start to get deadlocks in the
> > database around UserSession processing. Going to look into that.
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
abstractj
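
The low-versus-high default discussed in this thread, as an added example that is not part of the original messages or Keycloak's code: it times PBKDF2 at the two iteration counts quoted above and stores the count with each hash, so a default can be raised later without invalidating existing credentials. PBKDF2-HMAC-SHA256, the `iterations$salt$hash` storage format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

DIGEST = "sha256"         # assumption: the thread does not name the HMAC digest
NIST_MINIMUM = 1_000      # minimum quoted in the thread from NIST SP 800-132
LASTPASS_EXAMPLE = 5_000  # LastPass figure quoted in the thread


def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Return 'iterations$salt_hex$hash_hex' so the count travels with the hash."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(DIGEST, password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored count and salt, then compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(DIGEST, password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def needs_rehash(stored: str, current_default: int) -> bool:
    """True when a hash was created under a lower default than the current one."""
    return int(stored.split("$", 1)[0]) < current_default


def seconds_per_hash(iterations: int, rounds: int = 20) -> float:
    """Average wall-clock cost of one derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(rounds):
        # Constructed sample password; only the timing matters here.
        hashlib.pbkdf2_hmac(DIGEST, b"constructed-sample-password", salt, iterations)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    for n in (NIST_MINIMUM, LASTPASS_EXAMPLE):
        cost = seconds_per_hash(n)
        print(f"{n:>5} iterations: {cost * 1000:.2f} ms/hash, "
              f"about {1 / cost:.0f} hashes/s per core")
```

Running it on the login server's own hardware gives the per-login CPU cost to weigh against the profiler figure reported in the thread.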