diff --git a/server/src/test/resources/killbill.properties b/server/src/test/resources/killbill.properties
index 6a30a5c..dd7b4f2 100644
--- a/server/src/test/resources/killbill.properties
+++ b/server/src/test/resources/killbill.properties
@@ -37,5 +37,8 @@ killbill.billing.persistent.bus.claimed=1
killbill.osgi.bundle.install.dir=/var/tmp/somethingthatdoesnotexist
+# Speed up from the (more secure) default
+killbill.server.multitenant.hash_iterations=10
+
ANTLR_USE_DIRECT_CLASS_LOADING=true
diff --git a/tenant/src/main/java/com/ning/billing/tenant/security/KillbillCredentialsMatcher.java b/tenant/src/main/java/com/ning/billing/tenant/security/KillbillCredentialsMatcher.java
index 31eb22d..f95478b 100644
--- a/tenant/src/main/java/com/ning/billing/tenant/security/KillbillCredentialsMatcher.java
+++ b/tenant/src/main/java/com/ning/billing/tenant/security/KillbillCredentialsMatcher.java
@@ -22,9 +22,11 @@ import org.apache.shiro.crypto.hash.Sha512Hash;
public class KillbillCredentialsMatcher {
+ public static final String KILLBILL_TENANT_HASH_ITERATIONS_PROPERTY = "killbill.server.multitenant.hash_iterations";
+
// See http://www.stormpath.com/blog/strong-password-hashing-apache-shiro and https://issues.apache.org/jira/browse/SHIRO-290
public static final String HASH_ALGORITHM_NAME = Sha512Hash.ALGORITHM_NAME;
- public static final int HASH_ITERATIONS = 500000;
+ public static final Integer HASH_ITERATIONS = Integer.parseInt(System.getProperty(KILLBILL_TENANT_HASH_ITERATIONS_PROPERTY, "200000"));
private KillbillCredentialsMatcher() {}
