From 303152d464631af69c2947631d0629aa31c099b3 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 1 Jul 2015 17:34:57 -0400
Subject: Debug p11util.

---
 schema.sql | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'schema.sql')

diff --git a/schema.sql b/schema.sql
index 0ff5562..aaf2b21 100644
--- a/schema.sql
+++ b/schema.sql
@@ -84,14 +84,17 @@ CREATE TABLE IF NOT EXISTS global (
        -- Numeric minima for PBKDF2 iterations, length of PIN, and
        -- length of PBKDF2 salt are somewhat arbitrary, and will
        -- probably change over time (which is why they are minima).
-       -- Feel free to suggest better minima.
+       -- Initial testing was with 100000, which takes about 8 seconds
+       -- on a Novena with the current SHA256 and PBKDF2
+       -- implementation, which seems a bit slow, so backed that down
+       -- a bit.  Feel free to suggest better minima.
 
-       pbkdf2_iterations        INTEGER NOT NULL DEFAULT 100000,
+       pbkdf2_iterations        INTEGER NOT NULL DEFAULT 20000,
        so_pin                   BLOB,
        user_pin                 BLOB,
        so_pin_salt,             BLOB,
        user_pin_salt            BLOB,
-       CHECK ((pbkdf2_iterations >= 100000)                                                               AND
+       CHECK ((pbkdf2_iterations >= 10000)                                                                AND
               (so_pin        IS NULL OR (typeof(so_pin)        = "blob" AND length(so_pin)        >= 32)) AND
               (user_pin      IS NULL OR (typeof(user_pin)      = "blob" AND length(user_pin)      >= 32)) AND
               (so_pin_salt   IS NULL OR (typeof(so_pin_salt)   = "blob" AND length(so_pin_salt)   >= 16)) AND
-- 
cgit v1.2.3