Comment 2 for bug 1468422

Bill Erickson (berick) wrote :

Additional experiments suggest a mass password migration is not feasible. With the current iter_count (work factor) of 10, hashing takes .1 seconds. In a database with 1 million patrons, this would take ~27 hours to complete. Plus, we probably want a larger iter_count, one that takes about a second to calculate (iter_count "14" on my server) for increased security. That would take about 11 days.

I'll plan to rework the code to support real-time migration. With this, we still have the option of performing batches of password migrations, e.g. via cron after hours, to ensure that all passwords are eventually migrated.
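
A sketch of the real-time migration with an optional after-hours batch, as described in the comment above. It is an added example, not code from the comment or from the project. Assumptions: the legacy hash is fast unsalted MD5, stdlib PBKDF2 with 2**iter_count rounds stands in for the work-factor hash, and every function and field name is hypothetical.

```python
import hashlib
import hmac
import os

ITER_COUNT = 10  # work factor named in the comment; each step doubles the cost

def legacy_hash(password: str) -> str:
    # Assumption: the pre-migration hash is fast, unsalted MD5 (not stated on the page).
    return hashlib.md5(password.encode()).hexdigest()

def slow_hash(legacy_hex: str, salt: bytes, iter_count: int) -> str:
    # Stand-in for the work-factor hash: PBKDF2 with 2**iter_count rounds.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), salt, 2 ** iter_count).hex()

def store_slow(row: dict, legacy_hex: str, iter_count: int = ITER_COUNT) -> None:
    # Wraps the legacy hash, so no plaintext is needed and a cron batch can call this too.
    salt = os.urandom(16)
    row.update(scheme="slow", salt=salt, iter_count=iter_count,
               hash=slow_hash(legacy_hex, salt, iter_count))

def verify_and_migrate(row: dict, password: str) -> bool:
    candidate = legacy_hash(password)
    if row["scheme"] == "legacy":
        if not hmac.compare_digest(candidate, row["hash"]):
            return False
        store_slow(row, candidate)  # real-time migration on a successful login
        return True
    expected = slow_hash(candidate, row["salt"], row["iter_count"])
    if not hmac.compare_digest(expected, row["hash"]):
        return False
    if row["iter_count"] < ITER_COUNT:
        store_slow(row, candidate)  # raise an older work factor the same way
    return True

def migrate_batch(rows: list, limit: int) -> int:
    # After-hours job: convert at most `limit` legacy rows per run.
    done = 0
    for row in rows:
        if done == limit:
            break
        if row["scheme"] == "legacy":
            store_slow(row, row["hash"])
            done += 1
    return done

def sample_rows() -> list:
    # Constructed sample patrons, not real data.
    return [{"user": u, "scheme": "legacy", "hash": legacy_hash(p)}
            for u, p in [("ann", "pw-ann"), ("bob", "pw-bob"), ("cat", "pw-cat")]]
```

Capping `limit` per run bounds how long each batch holds the CPU, which is the cost the timing estimates in the comment are about.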