diff options
| author | Rob Austein <sra@hactrn.net> | 2015-07-01 17:34:57 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2015-07-01 17:34:57 -0400 |
| commit | 303152d464631af69c2947631d0629aa31c099b3 (patch) | |
| tree | a7e46151d6eaf836c27325b16f9e787003ec3c4c /schema.sql | |
| parent | c45562762aab7e874eac71792f9eebb5185ee47d (diff) | |
Debug p11util.
Diffstat (limited to 'schema.sql')
| -rw-r--r-- | schema.sql | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -84,14 +84,17 @@ CREATE TABLE IF NOT EXISTS global ( -- Numeric minima for PBKDF2 iterations, length of PIN, and -- length of PBKDF2 salt are somewhat arbitrary, and will -- probably change over time (which is why they are minima). - -- Feel free to suggest better minima. + -- Initial testing was with 100000, which takes about 8 seconds + -- on a Novena with the current SHA256 and PBKDF2 + -- implementation, which seems a bit slow, so backed that down + -- a bit. Feel free to suggest better minima. - pbkdf2_iterations INTEGER NOT NULL DEFAULT 100000, + pbkdf2_iterations INTEGER NOT NULL DEFAULT 20000, so_pin BLOB, user_pin BLOB, so_pin_salt, BLOB, user_pin_salt BLOB, - CHECK ((pbkdf2_iterations >= 100000) AND + CHECK ((pbkdf2_iterations >= 10000) AND (so_pin IS NULL OR (typeof(so_pin) = "blob" AND length(so_pin) >= 32)) AND (user_pin IS NULL OR (typeof(user_pin) = "blob" AND length(user_pin) >= 32)) AND (so_pin_salt IS NULL OR (typeof(so_pin_salt) = "blob" AND length(so_pin_salt) >= 16)) AND |