[07:25:30] <ori>	 "One weakness of PBKDF2 is that while its number of iterations can be adjusted to make it take an arbitrarily large amount of computing time, it can be implemented with a small circuit and very little RAM, which makes brute-force attacks using ASICs or GPUs relatively cheap." (https://en.wikipedia.org/wiki/PBKDF2)
[07:25:46] <ori>	 why are we using it then?
[13:36:29] <ori>	 anomie: https://gerrit.wikimedia.org/r/#/c/291503/
[14:09:53] <tgr>	 ori: IMO we shouldn't use it, but the main argument for PBKDF2 is that it survived more scrutiny than the alternatives (NIST-certified, etc)
[14:10:41] <tgr>	 bcrypt is stronger but less tested in real life, scrypt is even stronger but even less tested
[14:11:30] * ori nods
[14:12:35] <tgr>	 and I suppose argon2 is even stronger and even less tested
[14:14:01] <ori>	 and one of its two variants (Argon2i) already has two published attacks
[14:15:12] <ori>	 btw, the difference between PS2 (which you merged) and PS3 is that the config override moved to phpunit.php, where the actual global is modified. Session doesn't use the Config interface, so PS2 didn't actually make a difference for the unit tests
[14:15:38] <ori>	 but note the drop in mediawiki-phpunit-hhvm-trusty run time between PS2 and PS3
[14:15:56] * ori crashes
[15:03:33] <ori>	 err, not merged, +1'd