> Date: Fri, 11 Aug 2023 11:13:23 +0000 > From: Klemens Nanni <k...@openbsd.org> > > On Mon, May 08, 2023 at 11:00:27AM +0000, Klemens Nanni wrote: > > On Sun, Apr 23, 2023 at 05:07:30PM +0000, Klemens Nanni wrote: > > > For new installs, it seems adequate to base the number on the actual > > > hardware, > > > assuming the CRYPTO volume will stay in that hardware for a while. > > > > > > The current default of 16 is from old PKCS5 PBKDF2 times and changing it > > > in > > > bioctl(8) is a more invasive change (for later, perhaps). > > > > > > Thoughts? Feedback from the crypto folks appreciated. > > > > > > On X230 and T14, 16 feels pretty instant, whereas 'auto' takes about a > > > second > > > on a T14. > > > > Ping. > > Anyone? > > I consider a hardware based value a saner default for new installations > (root disk volumes are most likely to stick around on the same machine) > than a decade old constant.
See the recent discussion about _bcrypt_autorounds() in libc. System performance varies, and even on modern hardware it can provide varying results. The ramdisk environment is considerably different from the mult-user environment in this respect. Using a fixed value is way more predictable. If 16 no longer is a safe default it should be raised. > >From bioctl(8): > -r rounds > The number of iterations for the KDF algorithm to use when > converting a passphrase into a key, in order to create a new > encrypted volume or change the passphrase of an existing > encrypted volume. A larger number of iterations takes more time, > but offers increased resistance against passphrase guessing > attacks. If rounds is specified as auto, the number of rounds > will be automatically determined based on system performance. > Otherwise the minimum is 4 rounds and the default is 16. > > Rebased diff. > > Index: install.sub > =================================================================== > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1253 > diff -u -p -r1.1253 install.sub > --- install.sub 10 Aug 2023 17:09:34 -0000 1.1253 > +++ install.sub 11 Aug 2023 11:02:19 -0000 > @@ -3097,7 +3097,7 @@ encrypt_root() { > md_prep_fdisk $_chunk > echo 'RAID *' | disklabel -w -A -T- $_chunk > > - until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do > + until bioctl -Cforce -cC -rauto -l${_chunk}a softraid0 >/dev/null; do > # Most likely botched passphrases, silently retry twice. > ((++_tries < 3)) || exit > done > >