CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2023/09/02 03:14:47
Modified files:
sbin/bioctl : bioctl.8 bioctl.c
Log message:
Use a hardware based number of KDF rounds by default for passphrases
When creating new crypto volumes with a passphrase or updating one, pick a
number of rounds that aims to take around 1s instead of just 16 (on X230 and
T14 machines, 16 rounds unlock pretty much instantly).
New default [-r auto] never decreases rounds, only explicit '-r N' can.
16 is the absolute minimum.
Motivation is to provide a saner and more modern default, especially for
fresh installations utilizing new disk encryption question.
Prodding for new default from and OK jsing on early "-r auto" installer diff
idea to to pick MAX(auto, old-rounds) from Lucas[AT sexy DOT is]
"seems acceptable to me" deraadt
Feedback kettenis sthen
OK op
