better documentation for kdf

also correctly use _failure on fatal error using --kdf

doc/tomb.1

@@ -201,10 +201,10 @@ the \fIsize\fR of the new file to be created. Units are megabytes (MiB).
 .B
 .IP "--kdf \fI<itertime>\fR"
 Activate the KDF feature against dictionary attacks when creating a
-key: forces a delay of \fI<itertime>\fR seconds every time this key is used.
+key: forces a delay of \fI<itertime>\fR times every time this key is
-You should keep in mind that the actual iteration count is calculated based on
+used.  The actual time to wait depends on the CPU speed of the
-the performance of the computer where you forge the key.
+computer where the key is used.  Using 5 or 10 is a sane amount for
-The argument must be an integer, so you cannot say \fI--kdf 0.3\fR for 300ms.
+modern computers, the value is multiplied by 1 million.
 .B
 .IP "-h"
 Display a help text and quit.

tomb

@@ -1148,8 +1148,8 @@ gen_key() {
             if [[ "$itertime" != <-> ]]; then
                 unset tombpass
                 unset tombpasstmp
-                _error "Wrong argument for --kdf: must be an integer number (iteration seconds)."
+                _warning "Wrong argument for --kdf: must be an integer number (iteration seconds)."
-                _error "Depending on the speed of machines using this tomb, use 1 to 10, or more"
+                _failure "Depending on the speed of machines using this tomb, use 1 to 10, or more"
                 return 1
             fi
             # --kdf takes one parameter: iter time (on present machine) in seconds