On Friday 14 October 2016 18:19:21 Bryan Linton wrote:
> On 2016-10-14 09:21:24, Peter Janos <peterjan...@mail.com> wrote:
> > Hello,
> > [snip]
> > ps.: it would be nice to have a feature in the default installer to
> > install
> > with full disc encryption :) we still have to escape to shell during
> > install and ex.:
> > install60.iso
> > (S)hell
> > dmesg | grep MB # or: sysctl hw.disknames
> > dd if=/dev/urandom of=/dev/rsd0c bs=1m # not needed, only for paranoids
> > dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
> > fdisk -iy sd0
> > disklabel -E sd0
> > a a
> > enter
> > enter
> > RAID
> > w
> > q
> > bioctl -c C -l /dev/sd0a -r 20000000 softraid0
> > # use a random high iteration number x > 10 000 000
> I just want to point out (for the archives as well as others) that
> the softraid crypto discipline has recently been switched from
> PBKDF2 to bcrypt.
> Since bcrypt calculates its rounds based on the exponentiation of
> the number (i.e. the default of 16 rounds actually performs 2^16
> rounds or 65536 rounds), the default number of "rounds" was
> reduced from 8192 to only 16. If you were to use 20 million
> "rounds" with the new bcrypt algorithm, I wouldn't be surprised if
> it took weeks, months, or even YEARS to actually mount your disk
> after inputting your password.
> For reference, I tried to simply calculate 2^20 millionth power
> using dc for my own amusement and gave up after it crunched numbers
> for over a minute with no answer returned.
> A value of 24 (2^24 or 16,777,216) or 25 (2^25 or 33,554,432)
> would probably be closer to what you actually want.
The number of rounds specified for bcrypt_pbdkf(3) is linear, not logarithmic
(unlike bcrypt(3)). That said, the processing required for each round is
significantly higher than that of pkcs5_pbkdf2(3) (using `bioctl -r auto -v`
will tell you rounds your machine will do in ~1s).
> > exit
> > Start install to the newly created bioctl/crypt raid device: sdX, where X
> > is ex.: 2...
> > with a random (but very high) number for iteration, afaik iteration only
> > counts when typing in the password, much higher iteration would slow down
> > brute-force attackers.
> Indeed it would. Quite significantly in fact.