On Fri, 23 Jun 2017 20:24:24 +0200
> > > > I started by trying very high values with a simple password and > > > > expected to have to wait a long time but it was always around 7 > > > > seconds? > > > very high as in -r 2000 ? > > > > Yeah, 2048? Is there a MAX? > Not really. > > Oh it's been only 9 month since bioctl(8) switched over to bcrypt > PBKDF. You might run a older version (dmesg would help) in which case > you want to go much higher... 16000? > > # bioctl -v -c C -l /dev/vnd0a softraid0 > > shows you what KDF you are using. Thanks -r 1 shows "bioctl: number of KDF rounds is too small: 1" -r 4 shows "Deriving key using bcrypt PBKDF with 256 rounds..." whatever I set -r to, seems to say 256 rounds and returns in a similar timeframe. e.g. bioctl -v -c C -r 32000 -l /dev/vnd0a softraid0 kernel is 6.1 Jun 12 2017 bioctl sha256 starts with 1404c5e13f5f (i386 6.1) This is adding the vnd as sd1 as softraid0 already has an enc sd0 the vnd0 is attached to a 256MB file I would use the blowfish crypto of vnconfig instead but would rather use the bcrypt password hashing if possible. I assume vnconfig still uses PKCS #5, as the man page says? p.s. sorry for the delay, somehow I managed to hose my boot code, perhaps with bioctl -d sd0 whilst running from sd0 rather than bioctl -d sd1. installboot saved the day anyway. Teaches me to mess around with disks as root after a beer!
