> Date: Fri, 11 Aug 2023 11:13:23 +0000
> From: Klemens Nanni <k...@openbsd.org>
>
> On Mon, May 08, 2023 at 11:00:27AM +0000, Klemens Nanni wrote:
> > On Sun, Apr 23, 2023 at 05:07:30PM +0000, Klemens Nanni wrote:
> > > For new installs, it seems adequate to base the number on the actual
> > > hardware,
> > > assuming the CRYPTO volume will stay in that hardware for a while.
> > >
> > > The current default of 16 is from old PKCS5 PBKDF2 times and changing it
> > > in
> > > bioctl(8) is a more invasive change (for later, perhaps).
> > >
> > > Thoughts? Feedback from the crypto folks appreciated.
> > >
> > > On X230 and T14, 16 feels pretty instant, whereas 'auto' takes about a
> > > second
> > > on a T14.
> >
> > Ping.
>
> Anyone?
>
> I consider a hardware based value a saner default for new installations
> (root disk volumes are most likely to stick around on the same machine)
> than a decade old constant.
See the recent discussion about _bcrypt_autorounds() in libc.
System performance varies, and even on modern hardware it can provide
varying results. The ramdisk environment is considerably different
from the mult-user environment in this respect.
Using a fixed value is way more predictable. If 16 no longer is a
safe default it should be raised.
> >From bioctl(8):
> -r rounds
> The number of iterations for the KDF algorithm to use when
> converting a passphrase into a key, in order to create a new
> encrypted volume or change the passphrase of an existing
> encrypted volume. A larger number of iterations takes more time,
> but offers increased resistance against passphrase guessing
> attacks. If rounds is specified as auto, the number of rounds
> will be automatically determined based on system performance.
> Otherwise the minimum is 4 rounds and the default is 16.
>
> Rebased diff.
>
> Index: install.sub
> ===================================================================
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.1253
> diff -u -p -r1.1253 install.sub
> --- install.sub 10 Aug 2023 17:09:34 -0000 1.1253
> +++ install.sub 11 Aug 2023 11:02:19 -0000
> @@ -3097,7 +3097,7 @@ encrypt_root() {
> md_prep_fdisk $_chunk
> echo 'RAID *' | disklabel -w -A -T- $_chunk
>
> - until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do
> + until bioctl -Cforce -cC -rauto -l${_chunk}a softraid0 >/dev/null; do
> # Most likely botched passphrases, silently retry twice.
> ((++_tries < 3)) || exit
> done
>
>
