On Mon, 12 Feb 2024 at 14:13, Nicolas CARPi <nicola...@rpi.ooo> wrote: > > Hello everyone, > > Please find attached my very first patch to the documentation. Hope I > did everything good! :) > > Based on a comment from @bugre: > https://github.com/haproxy/haproxy/issues/2251#issuecomment-1716594046 > > (and also because I've been bitten by this!)
This is getting confusing and I'm not sure if I agree with this patch. The problem is neither the libc nor the hash itself, but the iterations. Documenting that one libc performs worse or even much worse is besides the point. The point is that strong hashes with high iteration counts are designed to be a self-DoS, and that is exactly how they behave in haproxy, on all libcs. Worse, this suggests at least in some way that a configuration like this acceptable on glibc. Lukas
