diff --git a/block/block_manager.go b/block/block_manager.go
index 4b461028e2..f1949baa46 100644
--- a/block/block_manager.go
+++ b/block/block_manager.go
@@ -459,7 +459,7 @@ func (bm *Manager) loadPackIndexesUnlocked(ctx context.Context) ([]IndexInfo, bo
 }
 
 func (bm *Manager) tryLoadPackIndexBlocksUnlocked(ctx context.Context, blocks []IndexInfo) error {
-	ch, err := bm.unprocessedIndexBlocksUnlocked(blocks)
+	ch, unprocessedIndexesSize, err := bm.unprocessedIndexBlocksUnlocked(blocks)
 	if err != nil {
 		return err
 	}
@@ -467,6 +467,7 @@ func (bm *Manager) tryLoadPackIndexBlocksUnlocked(ctx context.Context, blocks []
 		return nil
 	}
 
+	log.Infof("downloading %v new index blocks (%v bytes)...", len(ch), unprocessedIndexesSize)
 	var wg sync.WaitGroup
 
 	errors := make(chan error, parallelFetches)
@@ -498,26 +499,29 @@ func (bm *Manager) tryLoadPackIndexBlocksUnlocked(ctx context.Context, blocks []
 	for err := range errors {
 		return err
 	}
+	log.Infof("Index blocks downloaded.")
 
 	return nil
 }
 
 // unprocessedIndexBlocksUnlocked returns a closed channel filled with block IDs that are not in committedBlocks cache.
-func (bm *Manager) unprocessedIndexBlocksUnlocked(blocks []IndexInfo) (<-chan string, error) {
+func (bm *Manager) unprocessedIndexBlocksUnlocked(blocks []IndexInfo) (<-chan string, int64, error) {
+	var totalSize int64
 	ch := make(chan string, len(blocks))
 	for _, block := range blocks {
 		has, err := bm.committedBlocks.cache.hasIndexBlockID(block.FileName)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		if has {
 			log.Debugf("index block %q already in cache, skipping", block.FileName)
 			continue
 		}
 		ch <- block.FileName
+		totalSize += block.Length
 	}
 	close(ch)
-	return ch, nil
+	return ch, totalSize, nil
 }
 
 // Close closes the block manager.
diff --git a/crypto_key_derivation.go b/crypto_key_derivation.go
index 593a828585..704e263a58 100644
--- a/crypto_key_derivation.go
+++ b/crypto_key_derivation.go
@@ -6,20 +6,16 @@ import (
 	"io"
 
 	"golang.org/x/crypto/hkdf"
-	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/crypto/scrypt"
 )
 
-// DefaultKeyDerivationAlgorithm is the key derivation algorithm for new configurations.
-const DefaultKeyDerivationAlgorithm = "scrypt-65536-8-1"
+// defaultKeyDerivationAlgorithm is the key derivation algorithm for new configurations.
+const defaultKeyDerivationAlgorithm = "scrypt-65536-8-1"
 
 func (f formatBlock) deriveMasterKeyFromPassword(password string) ([]byte, error) {
 	const masterKeySize = 32
 
 	switch f.KeyDerivationAlgorithm {
-	case "pbkdf2-sha256-100000":
-		return pbkdf2.Key([]byte(password), f.UniqueID, 100000, masterKeySize, sha256.New), nil
-
 	case "scrypt-65536-8-1":
 		return scrypt.Key([]byte(password), f.UniqueID, 65536, 8, 1, masterKeySize)
 
diff --git a/format_block.go b/format_block.go
index 555e53e413..d4334f53a5 100644
--- a/format_block.go
+++ b/format_block.go
@@ -13,6 +13,8 @@ import (
 	"github.com/kopia/repo/storage"
 )
 
+const defaultFormatEncryption = "AES256_GCM"
+
 // FormatBlockID is the identifier of a storage block that describes repository format.
 const FormatBlockID = "kopia.repository"
 
diff --git a/initialize.go b/initialize.go
index 4f5e254e0f..281b33e289 100644
--- a/initialize.go
+++ b/initialize.go
@@ -17,22 +17,12 @@ var (
 	BuildVersion = "v0-unofficial"
 )
 
-// DefaultEncryptionAlgorithm is the default algorithm for encrypting format block.
-var DefaultEncryptionAlgorithm = "AES256_GCM"
-
-// SupportedEncryptionAlgorithms lists all supported algorithms for encrypting format block.
-var SupportedEncryptionAlgorithms = []string{DefaultEncryptionAlgorithm, "NONE"}
-
 // NewRepositoryOptions specifies options that apply to newly created repositories.
 // All fields are optional, when not provided, reasonable defaults will be used.
 type NewRepositoryOptions struct {
-	UniqueID                  []byte // force the use of particular unique ID
-	FormatEncryptionAlgorithm string // identifier of encryption algorithm
-	KeyDerivationAlgorithm    string // identifier of key derivation algorithm
-
-	BlockFormat block.FormattingOptions
-	DisableHMAC bool
-
+	UniqueID     []byte // force the use of particular unique ID
+	BlockFormat  block.FormattingOptions
+	DisableHMAC  bool
 	ObjectFormat object.Format // object format
 }
 
@@ -69,14 +59,20 @@ func Initialize(ctx context.Context, st storage.Storage, opt *NewRepositoryOptio
 }
 
 func formatBlockFromOptions(opt *NewRepositoryOptions) *formatBlock {
-	return &formatBlock{
+	f := &formatBlock{
 		Tool:                   "https://github.com/kopia/kopia",
 		BuildInfo:              BuildInfo,
-		KeyDerivationAlgorithm: applyDefaultString(opt.KeyDerivationAlgorithm, DefaultKeyDerivationAlgorithm),
+		KeyDerivationAlgorithm: defaultKeyDerivationAlgorithm,
 		UniqueID:               applyDefaultRandomBytes(opt.UniqueID, 32),
 		Version:                "1",
-		EncryptionAlgorithm:    applyDefaultString(opt.FormatEncryptionAlgorithm, DefaultEncryptionAlgorithm),
+		EncryptionAlgorithm:    defaultFormatEncryption,
 	}
+
+	if opt.BlockFormat.Encryption == "NONE" {
+		f.EncryptionAlgorithm = "NONE"
+	}
+
+	return f
 }
 
 func repositoryObjectFormatFromOptions(opt *NewRepositoryOptions) *repositoryObjectFormat {
diff --git a/internal/repotesting/repotesting.go b/internal/repotesting/repotesting.go
index b08994291e..b7554ca8de 100644
--- a/internal/repotesting/repotesting.go
+++ b/internal/repotesting/repotesting.go
@@ -53,7 +53,6 @@ func (e *Environment) Setup(t *testing.T, opts ...func(*repo.NewRepositoryOption
 			Splitter:     "FIXED",
 			MaxBlockSize: 400,
 		},
-		FormatEncryptionAlgorithm: "NONE",
 	}
 
 	for _, mod := range opts {