Thus said "whoami toask" on Sat, 03 Jan 2015 17:18:04 -0500:

> - Does the rounds affect the disk performance, ex.: 1000 vs. 10 000 000?
> OR it just ONLY affects the time until the password unlocks the
> CRYPT device?

Yes, unless  I'm mistaken, it really  only affects how long  it takes to
generate the  key from the  passphrase. Once the  key is in  memory, the
number of rounds is no longer really relevant.

Also, one of  the primary reasons for having salts/rounds  is to protect
against  offline attacks  against  the password  database (e.g.  someone
obtains /etc/master.passwd and begins to hash passwords until a match is
found) using rainbow tables. With random  salts and large rounds it will
be extremely prohibitive to crack all the passwords in the database.

In the case  of an encrypted volume, however, we  aren't talking about a
password database  with all kinds of  usernames/passwords. We're talking
about a  single key derived  from a passphrase which  means salts/rounds
don't  have the  same  implications as  they do  for  an offline  attack
against a database. In this case, it would seem that the best protection
is a larger  number of rounds (bioctl defaults to  8192 according to the
man page).

Andy
-- 
TAI64 timestamp: 4000000054a881c2
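
Added example (not part of the message above and not bioctl's own code): a Python sketch of the point made in the reply, that the round count is paid once when the passphrase is turned into a key and never enters the data path afterwards. It assumes PBKDF2-HMAC-SHA1 as the key derivation function and uses an HMAC per sector as a stand-in for the disk cipher; the passphrase, salt, key length and sector contents are constructed.

```python
import hashlib
import hmac
import time

KEY_LEN = 32  # bytes; assumed key size for this sketch


def derive_key(passphrase: bytes, salt: bytes, rounds: int) -> bytes:
    """Passphrase -> key. PBKDF2-HMAC-SHA1 is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, rounds, KEY_LEN)


def process_sectors(key: bytes, sectors: list) -> list:
    """Stand-in for the per-sector data path (a real volume uses a disk cipher).
    It takes only the key: the round count is not an input here."""
    return [hmac.new(key, n.to_bytes(8, "big") + data, hashlib.sha256).digest()
            for n, data in enumerate(sectors)]


def measure(passphrase: bytes, salt: bytes, rounds: int, sectors: list) -> dict:
    """Time the one-off unlock and the steady-state I/O separately."""
    t0 = time.perf_counter()
    key = derive_key(passphrase, salt, rounds)
    t1 = time.perf_counter()
    process_sectors(key, sectors)
    t2 = time.perf_counter()
    return {"rounds": rounds, "key_len": len(key),
            "unlock_s": t1 - t0, "io_s": t2 - t1}


# Constructed sample inputs. The salt is fixed only so runs are repeatable;
# a real salt is random and stored alongside the volume metadata.
PASSPHRASE = b"correct horse battery staple"
SALT = bytes(range(16))
SECTORS = [bytes([i % 256]) * 512 for i in range(2000)]

if __name__ == "__main__":
    for rounds in (1000, 8192, 1_000_000):
        r = measure(PASSPHRASE, SALT, rounds, SECTORS)
        print(f"rounds={r['rounds']:>9}  unlock={r['unlock_s']:.4f}s  "
              f"io={r['io_s']:.4f}s  key_len={r['key_len']}")
```

The unlock column grows roughly linearly with the round count, while the I/O column stays flat because the key handed to the data path has the same size whatever the rounds were.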
