summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorKlemens Nanni <kn@cvs.openbsd.org>2023-09-02 09:14:48 +0000
committerKlemens Nanni <kn@cvs.openbsd.org>2023-09-02 09:14:48 +0000
commit1ba1020aafe68615a5914dbf8c6dd0c6d1303168 (patch)
tree16fbaea50c4dbe5eb96739a9cd1785a11917eb8b /usr.bin
parent3651de5a2149d7aeee362367e2c652a5ce4587d8 (diff)
Use a hardware based number of KDF rounds by default for passphrases
When creating new crypto volumes with a passphrase or updating one, pick a number of rounds that aims to take around 1s instead of just 16 (on X230 and T14 machines, 16 rounds unlock pretty much instantly). New default [-r auto] never decreases rounds, only explicit '-r N' can. 16 is the absolute minimum. Motivation is to provide a saner and more modern default, especially for fresh installations utilizing new disk encryption question. Prodding for new default from and OK jsing on early "-r auto" installer diff idea to to pick MAX(auto, old-rounds) from Lucas[AT sexy DOT is] "seems acceptable to me" deraadt Feedback kettenis sthen OK op
Diffstat (limited to 'usr.bin')
0 files changed, 0 insertions, 0 deletions