PBKDF2KeyDerivation has a check to enforce a lower limit of 10,000 iterations of PBKDF2 to apply when generating key.
Possibly this is too high and we could reduce to a lower limit that may improve overall key generation performance.
Steps to Reproduce
Set following in Tomcat setenv.sh and do a fresh install: will throw IllegalStateException as iterations value too low.
If applied this should probably go in hand with an addition to documentation stating that this setting should be considered alongside the quality of the encryption password