diff --git a/lib/hashing_passwords.py b/lib/hashing_passwords.py
index 1c2c963b..1b86ec4e 100644
--- a/lib/hashing_passwords.py
+++ b/lib/hashing_passwords.py
@@ -32,7 +32,7 @@ HASH_FUNCTION = 'sha256'  # Must be in hashlib.
 # Linear to the hashing time. Adjust to be high but take a reasonable
 # amount of time on your server. Measure with:
 # python -m timeit -s 'import passwords as p' 'p.make_hash("something")'
-COST_FACTOR = 29000
+COST_FACTOR = 10000
 
 
 def make_hash(password):
diff --git a/lib/pbkdf2.py b/lib/pbkdf2.py
index b7a7dd42..29455db2 100644
--- a/lib/pbkdf2.py
+++ b/lib/pbkdf2.py
@@ -72,7 +72,7 @@ def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
         rv = u = _pseudorandom(salt + _pack_int(block))
         for i in xrange(iterations - 1):
             u = _pseudorandom(''.join(map(chr, u)))
-            rv = starmap(xor, izip(rv, u))
+            rv = list(starmap(xor, izip(rv, u)))
         buf.extend(rv)
     return ''.join(map(chr, buf))[:keylen]