Doh... Yeah, starting from scratch with -r works. I guess quickly finding how long rounds take is not quite as easy as bioctl -d and try again.
I guess the rounds it chooses is equal to a seconds worth, but surprised that it would be exactly 256. Struck me as a maxed byte or something. Sorry for the noise. On 25 Jun 2017 6:17 pm, "Ted Unangst" <t...@tedunangst.com> wrote: > Kevin Chadwick wrote: > > On Fri, 23 Jun 2017 20:24:24 +0200 > > > > > > > > > > I started by trying very high values with a simple password and > > > > > > expected to have to wait a long time but it was always around 7 > > > > > > seconds? > > > > > very high as in -r 2000 ? > > > > > > > > Yeah, 2048? Is there a MAX? > > > Not really. > > > > > > Oh it's been only 9 month since bioctl(8) switched over to bcrypt > > > PBKDF. You might run a older version (dmesg would help) in which case > > > you want to go much higher... 16000? > > > > > > # bioctl -v -c C -l /dev/vnd0a softraid0 > > > > > > shows you what KDF you are using. > > > > Thanks > > > > -r 1 shows "bioctl: number of KDF rounds is too small: 1" > > > > -r 4 shows "Deriving key using bcrypt PBKDF with 256 rounds..." > > > > whatever I set -r to, seems to say 256 rounds and returns in a similar > > timeframe. > > > > e.g. bioctl -v -c C -r 32000 -l /dev/vnd0a softraid0 > > well, of course. if it used a different number of rounds, the key wouldn't > match the one generated when the volume was created. if you're trying to > create a new volume, start with blank metadata. > >
