Login with password is slow
Created by: cburchert
When logging in the hashing of the password takes about a second. This is the case because we are hashing the password 100'000 times. The reason we do this is to make it harder to bruteforce the password in case of a database leak. An attacker has to do 100'000 hashes for every password he is trying.
I propose we reduce this number by a factor of 100 to increase the user experience. A strong password prevents these attacks better than a high constant (factor 100 ~ one character longer password). The number of passwords actually protected by the constant is likely slim. Passwords in dictionaries can likely be bruteforced nevertheless and strong passwords will not be bruteforced.