Ticket 49135 - PBKDF2 should determine rounds at startup
Bug Description: We used a hardcoded number of rounds for PBKDF2
Fix Description: Rather than hardcoding rounds at startup, we define
an attacker "work" factor. We have chosen 40 milliseconds for now.
Based on this factor, we then run a test to determine the CPU performance
of the system. If the CPU performance is belowe a threshold, we use
10,000 rounds. If it is above, we scale the rounds up to our work
factor. This way, each attempt by an attacker on a password should
take 40 milliseconds - enough to cause them headaches, but still
have a fast ldap server (given a bind takes about 500 milliseconds
on my laptop today).
https://pagure.io/389-ds-base/issue/49135
Author: wibrown
Review by: mreynolds (Thanks!!)