On Tue, 6 Sep 2016, David Coppa wrote: > Il 6 settembre 2016 14:56:32 CEST, Filippo Valsorda <m...@filippo.io> ha > scritto: > >Hello, > > > >I recently had the occasion to dive into the softraid crypto code [1] > >and was quite pleased with the cleanliness of it all. However, I found > >surprising the default value of 8k PBKDF2 rounds. > > > >I know it is easy to override and I should have RTFM, but I (naively, > >I'll admit) assumed OpenBSD would pick very robust defaults, erring on > >the conservative side. Is it maybe time to bump it up, or pick it based > >on a quick machine benchmark? > > > >If there's consensus I might also provide a patch for the live > >benchmark > >option. > > yes, autodetection of a sensible value would be cool...
using bcrypt_kdf would be better :)
