From 4261dc1d80e3813e50763e7643faa0dbcf6626f9 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sun, 26 Dec 2021 16:51:04 +0100
Subject: mod_auth_internal_hashed: Up iteration count to 10000 per XEP-0438

More security for less pain than switching to SCRAM-SHA-256

The XEP will likely be change to reference the RFC that will probably
come from draft-ietf-kitten-password-storage once it is ready, and then
we should update to follow that.
---
 util/sasl/scram.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'util')

diff --git a/util/sasl/scram.lua b/util/sasl/scram.lua
index f11ae2e0..37abf4a4 100644
--- a/util/sasl/scram.lua
+++ b/util/sasl/scram.lua
@@ -41,7 +41,7 @@ Supported Channel Binding Backends
 'tls-unique' according to RFC 5929
 ]]
 
-local default_i = 4096
+local default_i = 10000
 
 local function validate_username(username, _nodeprep)
 	-- check for forbidden char sequences
-- 
cgit v1.2.3