On Mon, May 08, 2023 at 11:00:27AM +0000, Klemens Nanni wrote:
> On Sun, Apr 23, 2023 at 05:07:30PM +0000, Klemens Nanni wrote:
> > For new installs, it seems adequate to base the number on the actual hardware,
> > assuming the CRYPTO volume will stay in that hardware for a while.
> > 
> > The current default of 16 is from old PKCS5 PBKDF2 times and changing it in
> > bioctl(8) is a more invasive change (for later, perhaps).
> > 
> > Thoughts?  Feedback from the crypto folks appreciated.
> > 
> > On X230 and T14, 16 feels pretty instant, whereas 'auto' takes about a second
> > on a T14.
> 
> Ping.

Anyone?

I consider a hardware-based value a saner default for new installations
(root disk volumes are most likely to stick around on the same machine)
than a decade-old constant.

From bioctl(8):
     -r rounds
             The number of iterations for the KDF algorithm to use when
             converting a passphrase into a key, in order to create a new
             encrypted volume or change the passphrase of an existing
             encrypted volume.  A larger number of iterations takes more time,
             but offers increased resistance against passphrase guessing
             attacks.  If rounds is specified as auto, the number of rounds
             will be automatically determined based on system performance.
             Otherwise the minimum is 4 rounds and the default is 16.

Rebased diff.

Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1253
diff -u -p -r1.1253 install.sub
--- install.sub 10 Aug 2023 17:09:34 -0000      1.1253
+++ install.sub 11 Aug 2023 11:02:19 -0000
@@ -3097,7 +3097,7 @@ encrypt_root() {
        md_prep_fdisk $_chunk
        echo 'RAID *' | disklabel -w -A -T- $_chunk
 
-       until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do
+       until bioctl -Cforce -cC -rauto -l${_chunk}a softraid0 >/dev/null; do
                # Most likely botched passphrases, silently retry twice.
                ((++_tries < 3)) || exit
        done
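Review bot: the `until bioctl -Cforce -cC -rauto ...` loop re-runs the complete bioctl invocation on every silent retry, so if bioctl performs the `-rauto` performance measurement before it prompts for the passphrase, a botched passphrase now also costs that measurement on each of the up to three attempts (the cover letter puts it at about a second on a T14); please confirm the order and, if the measurement comes first, mention it in the comment above the loop. A second point worth a line in the cover letter: the bioctl(8) text quoted above says `-r` also governs passphrase changes and defaults to 16 when omitted, so a later `bioctl -P softraid0` on an installer-created volume may fall back to the old constant unless bioctl reuses the round count stored in the volume metadata; stating which it is would spare users a surprise.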

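The bioctl(8) excerpt above says that `auto` picks the round count "based on system performance", which is the mechanism the whole proposal rests on. The script below is an added illustration of that calibration idea and is not bioctl's code: bioctl uses bcrypt_pbkdf, whereas this stand-in times PBKDF2-HMAC-SHA256 from the Python standard library, so its absolute round counts are not comparable to bioctl's. The function names `auto_rounds`, `confirm_rounds` and `kdf_seconds`, the one-second target and the probe sizes are assumptions made for the example.

```python
"""Choosing KDF rounds from measured system performance (illustration only).

Added example, not bioctl(8) source.  bioctl derives the key with bcrypt_pbkdf;
this stand-in uses PBKDF2-HMAC-SHA256 from the standard library, so the round
counts it prints are not comparable to bioctl's.
"""
import hashlib
import os
import time

MIN_ROUNDS = 4        # floor, mirroring the minimum bioctl(8) documents
LEGACY_DEFAULT = 16   # the old fixed default the thread proposes to move away from


def kdf_seconds(rounds, passphrase=b"probe passphrase", salt=None):
    """Run the stand-in KDF once with `rounds` and return wall-clock seconds."""
    if salt is None:
        salt = os.urandom(16)  # throwaway salt; only the timing matters here
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", passphrase, salt, rounds, dklen=32)
    return time.perf_counter() - t0


def auto_rounds(target_seconds=1.0, probe_rounds=20_000, min_rounds=MIN_ROUNDS,
                min_probe_seconds=0.05, measure=kdf_seconds):
    """Estimate how many rounds take about `target_seconds` on this machine.

    A probe run is timed; if it finished too quickly to be measured reliably
    the probe size is grown (bounded).  KDF cost is linear in the round count,
    so the probe is scaled linearly to the target and clamped to the floor.
    `measure` is injectable (hypothetical parameter) so the policy can be
    tested with a fake timer.
    """
    elapsed = measure(probe_rounds)
    for _ in range(8):
        if elapsed >= min_probe_seconds:
            break
        probe_rounds *= 4
        elapsed = measure(probe_rounds)
    if elapsed <= 0:
        raise RuntimeError("timer returned no elapsed time; cannot calibrate")
    estimate = int(probe_rounds * target_seconds / elapsed)
    return max(min_rounds, estimate)


def confirm_rounds(rounds, target_seconds, tolerance=0.5, measure=kdf_seconds):
    """Re-time the chosen count once; True if it lands within +/- tolerance
    (as a fraction of the target).  This is the check a calibrator should
    make before committing the value, since the probe can be skewed by a
    busy CPU or frequency scaling."""
    elapsed = measure(rounds)
    return abs(elapsed - target_seconds) <= tolerance * target_seconds


if __name__ == "__main__":
    chosen = auto_rounds(target_seconds=1.0)
    print(f"legacy fixed default: {LEGACY_DEFAULT} rounds, "
          f"~{kdf_seconds(LEGACY_DEFAULT):.5f}s on this machine")
    print(f"auto-selected: {chosen} rounds, "
          f"within tolerance of 1s: {confirm_rounds(chosen, 1.0)}")
```

The point the script makes is the one the thread argues: a fixed constant costs the same handful of microseconds everywhere, while a measured count tracks the hardware it was chosen on. The flip side, which the proposal accepts for root volumes, is that the count is only as good as the machine and the moment it was measured on, so a confirmation run like `confirm_rounds` is cheap insurance against a probe taken while the system was busy.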