Subject: bin/21056: cgdconfig should use 128 as default for keygen_iterations
To: None <>
From: Christian Biere <>
List: netbsd-bugs
Date: 04/07/2003 21:19:19
>Number:         21056
>Category:       bin
>Synopsis:       cgdconfig should use 128 as default for keygen_iterations
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 07 12:20:00 PDT 2003
>Originator:     Christian Biere
>Release:        NetBSD 1.6Q


Older config files for cgd devices may lack the keygen_iterations
setting. The current cgdconfig doesn't configure the device in such a

The following is from a short thread at the current-users
mailing list staring with Message-Id:



Roland Dowdeswell sent me a mail writing as follows:

Hmmm, this is a bug in my recent changes to cgdconfig(8)---not a
need for additional documentation.  In the absence of a
keygen_iterations line, I should default to 128 like the old version
did.  I didn't notice it, because I had changed cgdconfig(8) to output
the keygen_iterations line a couple of months ago.
 >>       What I do in this update is
 >> 	calibrate the PKCS#5 PBKDF2 algorithm to take about 1s to
 >> 	generate the key from the passphrase on your computer.
 >Maybe you should mention that the previously used iteration count was
 >128. So if someone has just updated and wants to configure the cgd
 >device, he should add "keygen_iterations 128" to the config file for
 >the device.