Increase hash iterations for heimdal-history by roughly a factor of
four to increase the time required for a password hash to about 0.1
seconds on modern hardware. This will affect newly-stored history
entries but will not invalidate existing password history entries.
password would be accepted without updating the history or password
length databases. Based on work by macrotex.
+ Increase hash iterations for heimdal-history by roughly a factor of
+ four to increase the time required for a password hash to about 0.1
+ seconds on modern hardware. This will affect newly-stored history
+ entries but will not invalidate existing password history entries.
+
Support building without CrackLib support by passing
--without-cracklib to configure. This makes the code a bit simpler
and lighter if you don't intend to ever use the CrackLib support.
# The number of PBKDF2 iterations to use when hashing passwords. This number
# should be chosen so as to force the hash operation to take approximately 0.1
# seconds on current hardware.
-Readonly my $HASH_ITERATIONS => 14592;
+Readonly my $HASH_ITERATIONS => 40128;
# Path to the history database. Currently, this must be a Berkeley DB file in
# the old DB_HASH format. Keys will be principal names, and values will be a