Command line parameter for bcrypt_pbkdf password cracking defenses, e.g. iteration counts

[nealmcb]

As noted e.g. at Recommended # of iterations when using PKBDF2-SHA256?, it is important to take steps to protect the password for the secret key from brute force attacks. It appears that the signify code uses bcrypt_pbkdf to do this, but the parameters like iteration count used aren't noted in the documentation. It should be possible to increase the count over time.

Can the number of iterations/rounds be modified via the command-line tool? If not can that feature be added?

[aperezdc]

From the point of view of this Signify project, the one and only goal is to take the code from OpenBSD (where it originated and is maintained) and apply the minimum set of modifications needed to make it run on GNU/Linux—also, I do not have more spare time than for doing that, sorry!

New features should be added by submitting patches to the OpenBSD project, and once they have been included there I will be more than happy to update the source code here for the portable version.

Let's keep this issue open nevertheless, in case someone else is looking for ideas that could be contributed back to the OpenBSD project.