Certain password storage schemes are intentionally expensive. These include the following:
  • PBKDF2
  • bcrypt
  • scrypt
  • Argon2
  • The MD5, SHA-2-256 and SHA-2-512 variants of the crypt scheme

These schemes are designed to consume a significant amount of CPU (and, for scrypt and Argon2, memory as well) so that an attacker who obtains a password's encoded representation must expend far more resources to crack it. The same cost is incurred by every legitimate operation on the password: encoding clear-text passwords during account creation and password changes, and validating passwords during authentication. Each scheme exposes parameters (iteration count, cost factor, memory size) that control how much it consumes; these should be tuned so that the resource consumption under the expected peak rate of authentications and password changes does not exceed the capacity of the topology.

In addition, if you are initially populating the server using an LDIF import that contains clear-text passwords, using one of these schemes can cause the LDIF import to proceed at a small fraction of the rate that could be achieved with a faster storage scheme (such as one that uses a 256-bit or 512-bit salted SHA-2 digest). In such cases, you may wish to import the data using a faster scheme, then change the configuration to make the desired scheme the new default and mark the scheme used for import as deprecated. By doing this, an account whose password is encoded using the import scheme will automatically be re-encoded with the new scheme the first time the user successfully authenticates with that password. Note that only a successful authentication supplies the clear-text value needed for re-encoding, so accounts that never authenticate remain encoded with the faster import scheme until their passwords are changed.
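The two points above, sizing the cost of an expensive scheme against peak load and re-encoding a password on the first successful authentication after the import scheme is deprecated, as a worked example. This is added illustration code for this page, not the directory server's own implementation: the `{SSHA256}` and `{PBKDF2}` encodings, the `PasswordStore` class, the scheme names and the iteration counts are assumptions made for the example, and PBKDF2-HMAC-SHA256 stands in for whichever expensive scheme is chosen. The only real library calls are Python's `hashlib.pbkdf2_hmac`, `hashlib.sha256` and `hmac.compare_digest`.

```python
import base64
import hashlib
import hmac
import os
import time

# --- Two storage schemes (illustrative encodings chosen for this example) ---

def ssha256_encode(password, salt=None):
    """Fast scheme: one SHA-256 over password||salt, 16-byte salt appended to the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha256(password.encode() + salt).digest()
    return "{SSHA256}" + base64.b64encode(digest + salt).decode()

def ssha256_verify(password, encoded):
    raw = base64.b64decode(encoded[len("{SSHA256}"):])
    digest, salt = raw[:32], raw[32:]
    return hmac.compare_digest(hashlib.sha256(password.encode() + salt).digest(), digest)

def pbkdf2_encode(password, iterations, salt=None):
    """Expensive scheme: PBKDF2-HMAC-SHA256; the iteration count travels with the value
    so that verification still works after the configured count is raised later."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return "{PBKDF2}%d$%s$%s" % (iterations,
                                 base64.b64encode(salt).decode(),
                                 base64.b64encode(dk).decode())

def pbkdf2_verify(password, encoded):
    iterations, salt_b64, dk_b64 = encoded[len("{PBKDF2}"):].split("$")
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations), dklen=32)
    return hmac.compare_digest(dk, expected)

VERIFIERS = {"SSHA256": ssha256_verify, "PBKDF2": pbkdf2_verify}

# --- Sizing the cost against expected peak load ---

def measure_seconds_per_iteration(iterations=20_000):
    """Time one PBKDF2 computation on this host; returns CPU seconds per iteration."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"benchmark", b"0123456789abcdef", iterations, dklen=32)
    return (time.perf_counter() - start) / iterations

def iterations_for_budget(cores, peak_auths_per_second, seconds_per_iteration):
    """Largest iteration count whose cost at the peak authentication rate fits in `cores` CPUs."""
    cpu_seconds_per_auth = cores / peak_auths_per_second
    return int(cpu_seconds_per_auth / seconds_per_iteration)

def cpu_fraction_at_peak(iterations, peak_auths_per_second, seconds_per_iteration, cores):
    """Fraction of the topology's CPU consumed at peak; a value above 1.0 means the
    configured cost exceeds capacity and must be lowered (or capacity added)."""
    return iterations * seconds_per_iteration * peak_auths_per_second / cores

# --- Re-encoding on successful authentication after the import scheme is deprecated ---

class PasswordStore:
    """Minimal stand-in (hypothetical) for a directory's password handling."""

    def __init__(self, default_scheme, pbkdf2_iterations, deprecated_schemes=()):
        self.default_scheme = default_scheme
        self.pbkdf2_iterations = pbkdf2_iterations
        self.deprecated_schemes = set(deprecated_schemes)
        self.entries = {}  # uid -> encoded password

    def _encode(self, password):
        if self.default_scheme == "SSHA256":
            return ssha256_encode(password)
        if self.default_scheme == "PBKDF2":
            return pbkdf2_encode(password, self.pbkdf2_iterations)
        raise ValueError("unknown scheme: " + self.default_scheme)

    @staticmethod
    def scheme_of(encoded):
        return encoded[1:encoded.index("}")]

    def import_entry(self, uid, clear_password):
        """Simulates an LDIF import of a clear-text password using the current default scheme."""
        self.entries[uid] = self._encode(clear_password)

    def authenticate(self, uid, password):
        encoded = self.entries.get(uid)
        if encoded is None:
            return False
        scheme = self.scheme_of(encoded)
        ok = VERIFIERS[scheme](password, encoded)
        # Only a successful bind supplies the clear-text value, so re-encoding with the
        # new default can happen here and nowhere else; a failed bind leaves the entry alone.
        if ok and scheme in self.deprecated_schemes and scheme != self.default_scheme:
            self.entries[uid] = self._encode(password)
        return ok

if __name__ == "__main__":
    spi = measure_seconds_per_iteration()
    print("affordable PBKDF2 iterations for 8 cores at 200 binds/s:",
          iterations_for_budget(8, 200, spi))
    store = PasswordStore("SSHA256", pbkdf2_iterations=600_000)
    store.import_entry("uid=alice", "correct horse battery staple")  # fast import
    store.default_scheme, store.deprecated_schemes = "PBKDF2", {"SSHA256"}
    store.authenticate("uid=alice", "correct horse battery staple")  # triggers re-encode
    print(store.entries["uid=alice"][:20])
```

`iterations_for_budget` assumes the expensive scheme is the only significant per-bind cost and that the topology's bind load spreads evenly across the cores counted; in practice measure on the production hardware and leave headroom for replication and other operations.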