Hi, > > If we want to add CHECK_FOR_INTERRUPTS inside the loop I think a brief > > comment would be appropriate. > > This has been completed in patch v2 and it's ready for review.
Thanks! > > I don't think it would be useful to limit this at an arbitrary point, > > iteration > > count can be set per password and if someone wants a specific password to be > > super-hard to brute force then why should we limit that? > I agree with that. Maybe some users do want a super-hard password. > RFC 7677 and RFC 5802 don't specify the maximum number of iterations. That's a fairly good point. However we are not obligated not to implement everything that is missing in RFC. Also in fact we already limit the number of iterations to INT_MAX. If we decide to limit this number even further the actual problem is to figure out what the new practical limit would be. Regardless of the chosen number there is a possibility of breaking backward compatibility for certain users. For this reason I believe merging the proposed patch would be the right move at this point. It doesn't make anything worse for the existing users and solves a potential problem for some of them. -- Best regards, Aleksander Alekseev
