Product Documentation

Database Administrator's Guide


PASSWORD_HASH_DIFFICULTY

Password_Hash_Difficulty

From V13.0.4 onwards, sets a scaling factor for PASSWORD_HASH values.

The higher the value, the higher the computational cost on the client and server during password authentication, and the more resistant the password database will be to offline brute-force attacks.

Options:

ORIGINAL - not used

PBKDF2_SHA2_512 - 210000

PBKDF2_SHA3_512 - 210000

Defaults to PASSWORD_HASH value.

More information:

Changes to PASSWORD_HASH_DIFFICULTY will only take effect when each user's password is next added or changed.

Clients must support the hash algorithm configured by the server. This may be a consideration for users with older non-native clients that may have more limited encryption support.

Warning: Increasing PASSWORD_HASH_DIFFICULTY values may lead to noticeable login delays after user passwords are changed to use the new difficulty. Ensure you change a test account password after making this change and use that account for performance testing on a variety of anticipated client hardware, as clients without hardware support for the underlying cryptographic hash function (e.g. SHA512 or SHA3-512) may be significantly slower.
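To get a first estimate of the delay described in the warning before touching a real account, the raw key-derivation cost can be timed on each class of client hardware. The script below is an added example, not part of the product or its documentation. It assumes the difficulty value is used as the PBKDF2 iteration count, that the options map to Python's `sha512` and `sha3_512` digests, and a 16-byte salt; it measures only the hash computation, not the product's client library or network round trips.

```python
import hashlib
import os
import statistics
import time

# Option names and difficulty values as listed on this page; the mapping to
# hashlib digest names is an assumption of this example.
OPTIONS = {
    "PBKDF2_SHA2_512": ("sha512", 210000),
    "PBKDF2_SHA3_512": ("sha3_512", 210000),
}

def seconds_per_hash(digest, iterations, runs=5):
    """Median wall-clock time of one PBKDF2-HMAC derivation on this machine."""
    password = b"constructed-test-password"  # constructed sample, not a real credential
    samples = []
    for _ in range(runs):
        salt = os.urandom(16)  # salt size is assumed; the page does not state it
        start = time.perf_counter()
        hashlib.pbkdf2_hmac(digest, password, salt, iterations)
        samples.append(time.perf_counter() - start)
    return statistics.median(samples)

def difficulty_for_budget(digest, budget_seconds, probe_iterations=20000):
    """Largest iteration count that fits a login-delay budget.

    PBKDF2 cost is linear in the iteration count, so one short probe
    is scaled up to the budget.
    """
    per_iteration = seconds_per_hash(digest, probe_iterations) / probe_iterations
    return int(budget_seconds / per_iteration)

def report(budget_seconds=0.5):
    """Measure each option at its listed difficulty against a delay budget."""
    rows = []
    for option, (digest, difficulty) in OPTIONS.items():
        cost = seconds_per_hash(digest, difficulty)
        rows.append({"option": option, "difficulty": difficulty, "seconds": cost,
                     "within_budget": cost <= budget_seconds,
                     "max_difficulty": difficulty_for_budget(digest, budget_seconds)})
    return rows

if __name__ == "__main__":
    for row in report():
        print("{option}: {difficulty} iterations = {seconds:.3f}s, "
              "within budget: {within_budget}, "
              "budget allows up to {max_difficulty}".format(**row))
```

The 0.5 second budget is a placeholder; set it to the login delay your users can tolerate and compare the result from the slowest anticipated client.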
