Quote: "It took only 24 hours using an old spare machine to crack 25% of the passwords. Very little effort or CPU power." Time for another "use bcrypt", methinks.
Couchdb has an open ticket on this very issue, which is part of the problem. The other part is the fact that they have really nonsensical configuration defaults.