commit fa44f46eba9ae89240942cbb184f944d0c54ac9f
parent c502ef3d921c10f8bfc9ccff70c041575a4f5f66
Author: Jaromil <jaromil@dyne.org>
Date: Fri, 18 Nov 2016 13:54:18 +0100
better documentation for kdf
also correctly use _failure on fatal error using --kdf
Diffstat:
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/doc/tomb.1 b/doc/tomb.1
@@ -201,10 +201,10 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
.B
.IP "--kdf \fI<itertime>\fR"
Activate the KDF feature against dictionary attacks when creating a
-key: forces a delay of \fI<itertime>\fR seconds every time this key is used.
-You should keep in mind that the actual iteration count is calculated based on
-the performance of the computer where you forge the key.
-The argument must be an integer, so you cannot say \fI--kdf 0.3\fR for 300ms.
+key: forces a delay of \fI<itertime>\fR times every time this key is
+used. The actual time to wait depends on the CPU speed of the
+computer where the key is used. Using 5 or 10 is a sane amount for
+modern computers, the value is multiplied by 1 million.
.B
.IP "-h"
Display a help text and quit.
diff --git a/tomb b/tomb
@@ -1148,8 +1148,8 @@ gen_key() {
if [[ "$itertime" != <-> ]]; then
unset tombpass
unset tombpasstmp
- _error "Wrong argument for --kdf: must be an integer number (iteration seconds)."
- _error "Depending on the speed of machines using this tomb, use 1 to 10, or more"
+ _warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
+ _failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
return 1
fi
# --kdf takes one parameter: iter time (on present machine) in seconds
