Comment 15 for bug 1175906

Hmm, I'm leaning towards what Rob proposed in comment 9: considering this a performance issue and making the password significant length (truncation) configurable in Havana, defaulting to 256. That sounds like a good trade-off between upgradeability and configurable security.