Hmm, I'm leaning towards what Rob proposed in comment 9: considering this a performance issue and making the password significant length (truncation) configurable in Havana, defaulting to 256. That sounds like a good trade-off between upgradeability and configurable security.
Hmm, I'm leaning towards what Rob proposed in comment 9: considering this a performance issue and making the password significant length (truncation) configurable in Havana, defaulting to 256. That sounds like a good trade-off between upgradeability and configurable security.