On Friday 14 October 2016 18:19:21 Bryan Linton wrote: > On 2016-10-14 09:21:24, Peter Janos <peterjan...@mail.com> wrote: > > Hello, > > > > [snip] > > > > ps.: it would be nice to have a feature in the default installer to > > install > > with full disc encryption :) we still have to escape to shell during > > install and ex.: > > > > install60.iso > > (S)hell > > dmesg | grep MB # or: sysctl hw.disknames > > dd if=/dev/urandom of=/dev/rsd0c bs=1m # not needed, only for paranoids > > dd if=/dev/zero of=/dev/rsd0c bs=1m count=1 > > fdisk -iy sd0 > > disklabel -E sd0 > > a a > > enter > > enter > > RAID > > w > > q > > bioctl -c C -l /dev/sd0a -r 20000000 softraid0 > > # use a random high iteration number x > 10 000 000 > > I just want to point out (for the archives as well as others) that > the softraid crypto discipline has recently been switched from > PBKDF2 to bcrypt. > > http://marc.info/?l=openbsd-cvs&m=147430724911779&w=2 > http://www.openbsd.org/faq/current.html#r20160919 > > Since bcrypt calculates its rounds based on the exponentiation of > the number (i.e. the default of 16 rounds actually performs 2^16 > rounds or 65536 rounds), the default number of "rounds" was > reduced from 8192 to only 16. If you were to use 20 million > "rounds" with the new bcrypt algorithm, I wouldn't be surprised if > it took weeks, months, or even YEARS to actually mount your disk > after inputting your password. > > For reference, I tried to simply calculate 2^20 millionth power > using dc for my own amusement and gave up after it crunched numbers > for over a minute with no answer returned. > > A value of 24 (2^24 or 16,777,216) or 25 (2^25 or 33,554,432) > would probably be closer to what you actually want.
The number of rounds specified for bcrypt_pbdkf(3) is linear, not logarithmic (unlike bcrypt(3)). That said, the processing required for each round is significantly higher than that of pkcs5_pbkdf2(3) (using `bioctl -r auto -v` will tell you rounds your machine will do in ~1s). > > exit > > Start install to the newly created bioctl/crypt raid device: sdX, where X > > is ex.: 2... > > > > with a random (but very high) number for iteration, afaik iteration only > > counts when typing in the password, much higher iteration would slow down > > brute-force attackers. > > Indeed it would. Quite significantly in fact.
