>Number:         21056
>Category:       bin
>Synopsis:       cgdconfig should use 128 as default for keygen_iterations
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 07 12:20:00 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Christian Biere
>Release:        NetBSD 1.6Q
>Organization:
>Environment:

>Description:

Older config files for cgd devices may lack the keygen_iterations
setting. The current cgdconfig doesn't configure the device in such a
case.

The following is from a short thread at the current-users
mailing list staring with Message-Id:
<20030324023134.19C62174D2@arioch.imrryr.org>.

>How-To-Repeat:

>Fix:

Roland Dowdeswell sent me a mail writing as follows:

Hmmm, this is a bug in my recent changes to cgdconfig(8)---not a
need for additional documentation.  In the absence of a
keygen_iterations line, I should default to 128 like the old version
did.  I didn't notice it, because I had changed cgdconfig(8) to output
the keygen_iterations line a couple of months ago.
>Release-Note:
>Audit-Trail:
>Unformatted:
 >> PKCS#5 PBKDF2 ITERATION CALIBRATION
 >>       What I do in this update is
 >> 	calibrate the PKCS#5 PBKDF2 algorithm to take about 1s to
 >> 	generate the key from the passphrase on your computer.
 >
 >Maybe you should mention that the previously used iteration count was
 >128. So if someone has just updated and wants to configure the cgd
 >device, he should add "keygen_iterations 128" to the config file for
 >the device.