I tested OpenBSD 5.6 in VirtualBox on a RHEL 6.5 Workstation, T410:

A few installs, with full disc encryption, only the rounds differ. The guests had: 2 GB RAM, fixed 10 GB HDD, same 10 char pwd, i5 CPU M 560:
(I placed dots only for better reading, not in the real command)

    A = bioctl -r 1.000 -c C -l /dev/sd0a softraid0
    B = bioctl -r 100.000 -c C -l /dev/sd0a softraid0
    C = bioctl -r 1.000.000 -c C -l /dev/sd0a softraid0
    D = bioctl -r 10.000.000 -c C -l /dev/sd0a softraid0
    E = without encryption

I did a:

    dd if=/dev/zero of=test.foo

on them:

    A = ~107 sec
    B = ~105 sec
    C = ~109 sec
    D = ~106 sec
    E = ~110 sec -> ~22 MB/s

From the man pages:

    -r rounds
        When creating an encrypted volume, specifies the number of
        iterations of the PBKDF2 algorithm used to convert a passphrase
        into a key. Higher iteration counts take more time, but offer
        more resistance to key guessing attacks. The minimum is 1000
        rounds and the default is 8192.

---------------------------

Questions for the community/devs:

- Are there any statistics for comparing the rounds vs. the time for one password to "crack"? What is the best* round number?

*- Do the rounds affect the disk performance, e.g.: 1000 vs. 10 000 000**? OR do they just ONLY affect the time until the password unlocks the CRYPT device?

**When I used 10 000 000 rounds, after giving the pwd at boot, it took ~30 seconds to start the real boot

It looks like using dd didn't make any difference between encrypted vs. not-encrypted disks.. so were my tests bad?

Thank you,
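
Added example, not part of the original post and not OpenBSD code: a Python sketch of what the quoted -r option controls, showing that the work per passphrase-to-key conversion grows linearly with the round count while the derived key stays the same size. Assumptions: PBKDF2 is run with HMAC-SHA1 and a 32-byte output key (the man page excerpt only says "PBKDF2"), the passphrase, salt and the 36-symbol, 10-character keyspace are constructed, and all function names are hypothetical.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600

def derive_key(passphrase: bytes, salt: bytes, rounds: int, keylen: int = 32) -> bytes:
    # Assumption: HMAC-SHA1 as the PBKDF2 PRF; the quoted man page only says "PBKDF2".
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, rounds, dklen=keylen)

def measure_seconds_per_round(sample_rounds: int = 20000) -> float:
    # Time one derivation on this machine and divide by its round count.
    start = time.perf_counter()
    derive_key(b"constructed-pw", b"constructed-salt", sample_rounds)
    return (time.perf_counter() - start) / sample_rounds

def unlock_seconds(rounds: int, sec_per_round: float) -> float:
    # Cost of a single passphrase-to-key conversion (one unlock, or one guess).
    return rounds * sec_per_round

def average_search_years(keyspace: int, rounds: int, sec_per_round: float,
                         workers: int = 1) -> float:
    # On average half the keyspace is tried before the right passphrase is hit.
    total = (keyspace / 2) * unlock_seconds(rounds, sec_per_round) / workers
    return total / SECONDS_PER_YEAR

if __name__ == "__main__":
    spr = measure_seconds_per_round()
    keyspace = 36 ** 10  # constructed: 10 chars drawn from a-z and 0-9
    print(f"measured {spr * 1e6:.3f} microseconds per round on this CPU")
    print(f"{'rounds':>12} {'one unlock (s)':>16} {'avg search (years, 1 core)':>28}")
    for rounds in (1000, 8192, 100_000, 1_000_000, 10_000_000):
        print(f"{rounds:>12} {unlock_seconds(rounds, spr):>16.3f} "
              f"{average_search_years(keyspace, rounds, spr):>28.3e}")
    # The key length does not depend on the round count.
    assert len(derive_key(b"pw", b"salt", 1000)) == len(derive_key(b"pw", b"salt", 8192))
```

The figures it prints are for a single core of the machine it runs on; pass a larger `workers` value to `average_search_years` to model a guesser with more parallel hardware.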