diff options
author | Klemens Nanni <kn@cvs.openbsd.org> | 2023-09-02 09:14:48 +0000 |
---|---|---|
committer | Klemens Nanni <kn@cvs.openbsd.org> | 2023-09-02 09:14:48 +0000 |
commit | 1ba1020aafe68615a5914dbf8c6dd0c6d1303168 (patch) | |
tree | 16fbaea50c4dbe5eb96739a9cd1785a11917eb8b /usr.bin | |
parent | 3651de5a2149d7aeee362367e2c652a5ce4587d8 (diff) |
Use a hardware based number of KDF rounds by default for passphrases
When creating new crypto volumes with a passphrase or updating one, pick a
number of rounds that aims to take around 1s instead of just 16 (on X230 and
T14 machines, 16 rounds unlock pretty much instantly).
New default [-r auto] never decreases rounds, only explicit '-r N' can.
16 is the absolute minimum.
Motivation is to provide a saner and more modern default, especially for
fresh installations utilizing new disk encryption question.
Prodding for new default from and OK jsing on early "-r auto" installer diff
idea to to pick MAX(auto, old-rounds) from Lucas[AT sexy DOT is]
"seems acceptable to me" deraadt
Feedback kettenis sthen
OK op
Diffstat (limited to 'usr.bin')
0 files changed, 0 insertions, 0 deletions