better documentation for kdf

also correctly use _failure on fatal error using --kdf
2024-09-21 09:29:00 +00:00 · 2016-11-18 13:54:18 +01:00 · 2016-11-18 13:54:18 +01:00 · fa44f46eba
commit fa44f46eba
parent c502ef3d92
2 changed files with 6 additions and 6 deletions
--- a/doc/tomb.1
+++ b/doc/tomb.1
@ -201,10 +201,10 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
 .B
 .IP "--kdf \fI<itertime>\fR"
 Activate the KDF feature against dictionary attacks when creating a
-key: forces a delay of \fI<itertime>\fR seconds every time this key is used.
-You should keep in mind that the actual iteration count is calculated based on
-the performance of the computer where you forge the key.
-The argument must be an integer, so you cannot say \fI--kdf 0.3\fR for 300ms.
+key: forces a delay of \fI<itertime>\fR times every time this key is
+used.  The actual time to wait depends on the CPU speed of the
+computer where the key is used.  Using 5 or 10 is a sane amount for
+modern computers, the value is multiplied by 1 million.
 .B
 .IP "-h"
 Display a help text and quit.
--- a/4
+++ b/4
@ -1148,8 +1148,8 @@ gen_key() {
            if [[ "$itertime" != <-> ]]; then
                unset tombpass
                unset tombpasstmp
-                _error "Wrong argument for --kdf: must be an integer number (iteration seconds)."
-                _error "Depending on the speed of machines using this tomb, use 1 to 10, or more"
+                _warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
+                _failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
                return 1
            fi
            # --kdf takes one parameter: iter time (on present machine) in seconds