On Fri, Aug 11, 2023 at 03:51:38PM +0100, Stuart Henderson wrote: > Agreed. (Re bcrypt, I usually completely ignore auto rounds, I had just > forgotten to set that up on the machine where I noticed the problem..) > > Also, am I right in thinking that this only affects the time when > entering the passphrase when mounting or creating the device, i.e. once > per boot?
Yes, correct. > > If so, there's nowhere near as much a downside to that being slow > as there is for user login. (anyone actually wanting to crack these > passphrases would be doing it on a fast system rather than whatever > the device is normally used with, so there are valid reasons for > picking something that might be a bit slow if it doesn't cause too > much system impact). The minimum of 16 can be cranked independently whilst still defaulting to a hardware based default.
