I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks! Here are some hopefully-clarifying diffs to the man pages.
--- bioctl.8.orig Sat Sep 11 19:55:27 2010 +++ bioctl.8 Sun Sep 12 12:17:30 2010 @@ -119,7 +119,7 @@ promote it to being a .Dq Hot Spare . .It Fl h -Where necessary, produce "human-readable" output. +Where necessary, produce ``human-readable'' output. Use unit suffixes: Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of digits to four or less. @@ -202,7 +202,7 @@ RAID 4 and RAID 5 require at least three devices, and the CRYPTO discipline requires exactly one. .It Fl d -Delete volume specified by device. +Detach volume specified by device. .It Fl k Ar keydisk Use special device .Ar keydisk @@ -224,6 +224,7 @@ .It Fl r Ar rounds When creating an encrypted volume, specifies the number of iterations of the algorithm used to convert a passphrase into a key. +(The algorithm is PBKDF2.) Higher iteration counts take more time, but offer more resistance to key guessing attacks. The minimum is 1000 rounds and the default is 8192. @@ -245,20 +246,19 @@ .Ed .Pp .Nm -will ask for a passphrase, that will be needed to unlock the encrypted -disk. +will ask for the passphrase needed to unlock the encrypted disk. After creating a newly encrypted disk, the first megabyte of it should be zeroed, so tools like .Xr fdisk 8 or .Xr disklabel 8 don't get confused by the random data that appears on the new disk. -This can be done with the following command (assuming the new disk is sd3): +This can be done with the following command (assuming the new disk is sd2): .Bd -literal -offset 3n -# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1 +# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1 .Ed .Pp -Deleting a softraid volume requires the exact volume name. +Detaching a softraid volume requires the exact volume name. For example: .Bd -literal -offset 3n # bioctl -d sd2 @@ -267,6 +267,8 @@ .Xr bio 4 , .Xr scsi 4 , .Xr softraid 4 +.Pp +RFC 2898 describes PBKDF2. .Sh HISTORY The .Nm @@ -278,4 +280,4 @@ interface was written by .An Marco Peereboom Aq ma...@openbsd.org . .Sh CAVEATS -Use of the crypto & RAID 4/5 disciplines are currently considered experimental. +Use of the CRYPTO and RAID 4/5 disciplines are currently considered experimental. --- softraid.4.orig Sun Sep 12 12:13:10 2010 +++ softraid.4 Sun Sep 12 12:14:50 2010 @@ -119,6 +119,9 @@ # printf "a\en\en\en\enRAID\enw\enq\en\en" | disklabel -E wd3 .Ed .Pp +(Note that RAID is also the correct partition type when using the CRYPTO +discipline.) +.Pp Assemble the RAID volume: .Bd -literal -offset indent # bioctl -c 1 -l /dev/wd1a,/dev/wd2a,/dev/wd3a softraid0 -- http://noncombatant.org/
