Joel encouraged me to switch to '-r auto' by default sooner than later. The alternative installer diff on tech@ would thus be obsolete/a NOOP.
If you do encrypted disk installs on one machine, but use them on another, or you want a specific number of rounds, just use '-r N' during creation or passphrase updates to change existing volumes (might be recommended to increase rounds on older volumes?). Diff below only flips the default so '-r' value behaviour does not change. Do we want a warning on '-r auto' usage to deprecate explicitly specifying the new default? Feedback? Objection? OK? Index: bioctl.8 =================================================================== RCS file: /cvs/src/sbin/bioctl/bioctl.8,v retrieving revision 1.111 diff -u -p -r1.111 bioctl.8 --- bioctl.8 6 Jul 2023 21:08:50 -0000 1.111 +++ bioctl.8 11 Aug 2023 13:49:09 -0000 @@ -282,11 +282,13 @@ passphrase into a key, in order to creat passphrase of an existing encrypted volume. A larger number of iterations takes more time, but offers increased resistance against passphrase guessing attacks. -If +By default, or if .Ar rounds -is specified as "auto", the number of rounds will be automatically determined +is specified as +.Cm auto , +the number of rounds will be automatically determined based on system performance. -Otherwise the minimum is 4 rounds and the default is 16. +The minimum is 4 rounds. .It Fl s Read the passphrase for the selected crypto volume from .Pa /dev/stdin Index: bioctl.c =================================================================== RCS file: /cvs/src/sbin/bioctl/bioctl.c,v retrieving revision 1.151 diff -u -p -r1.151 bioctl.c --- bioctl.c 18 Oct 2022 07:04:20 -0000 1.151 +++ bioctl.c 11 Aug 2023 13:36:41 -0000 @@ -89,7 +89,7 @@ int devh = -1; int human; int verbose; u_int32_t cflags = 0; -int rflag = 0; +int rflag = -1; /* auto */ char *password; void *bio_cookie;
