From 8c7bee515ad3d28b982cfc4e2ca92997df213636 Mon Sep 17 00:00:00 2001
From: vladdd
Date: Thu, 12 Sep 2013 12:50:11 -0400
Subject: [PATCH] Relocate the default PBKDF2 iterations to tuf.conf
---
 tuf/conf.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tuf/conf.py b/tuf/conf.py
index de9ad7f7..249ab870 100755
--- a/tuf/conf.py
+++ b/tuf/conf.py
@@ -54,4 +54,14 @@
 # The time (in seconds) we ignore a server with a slow initial retrieval speed.
 SLOW_START_GRACE_PERIOD = 30 #seconds
-
+# The current "good enough" number of PBKDF2 passphrase iterations.
+# We recommend that important keys, such as root, be kept offline.
+# 'tuf.conf.PBKDF2_ITERATIONS' should increase as CPU speeds increase, set here
+# at 100,000 iterations by default (in 2013). The repository maintainer may opt
+# to modify the default setting according to their security needs and
+# computational restrictions. A strong user password is still important.
+# Modifying the number of iterations will result in a new derived key+PBDKF2
+# combination if the key is loaded and re-saved, overriding any previous
+# iteration setting used by the old '.key'.
+# https://en.wikipedia.org/wiki/PBKDF2
+PBKDF2_ITERATIONS = 100000
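Review bot: The comment above `PBKDF2_ITERATIONS` says a re-save overrides the iteration count of the old '.key', but it does not say what happens when the configured value is lower than the count the key file was written with, so a reduced setting would presumably weaken an existing key file on its next save without any signal. The code that reads this constant is outside the hunk; it is worth confirming that it rejects non-integer or non-positive values and that it decrypts with the count stored alongside the key rather than with this default. I would add a line such as `# Lowering this value weakens any key file that is later loaded and re-saved.` to the block. The same comment also misspells the algorithm in `key+PBDKF2`, which should read `PBKDF2`.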