KDF iteration time is wrong

[boyska]

The --kdf option allows the user to enforce kdf. Its argument is said (not very clearly, actually) to be the number of seconds that it will take to do stretching on that box.

Since the getiter program takes an input the microseconds, the number of seconds should be multiplied by one million. Instead, it is multiplied by 10k. see https://github.com/dyne/Tomb/blob/master/tomb#L1141 It is even documented: https://github.com/dyne/Tomb/blob/master/doc/tomb.1#L198

I propose to:

• fix the multiplier
• make a clearer documentation

and I am willing to do it myself, if you agree.

[boyska]

pull request opened!

[jaromil]

wait a second. will this break the iteration settings of previously created tombs?

I was aware of this problem, but never fixed it in doubt.

[boyska]

nope. The iteration count will never be the same running twice. The iteration count is calculated once, then written in the tomb header as one of the kdf parameter (the other being the salt).

[jaromil]

Oh, I see. I panicked seeing this pull merged so fast.

[jaromil]

I reverted the reverts. Thanks for the cold-blood fix.

Ideally, I'd like to switch to gnupg -s2k in some future.