Comment 3 for bug 1468422

Changes pushed. From the commit:

Don't rely on mass password migration, since it would take a very long time. Instead, migrate users on demand.

Raise work factor (iteration count) from 10 to 14.

Current flow:

1. Application requests a salt to use as CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.

--

With this, batch migrations could still be performed by looping over actor.migrate_passwd(user_id) as a separate process.

Simple tests still pass.