On Thu, 2019-03-14 at 12:36 +0000, Dimitri John Ledkov wrote:
> Meaning that 1GB of RAM is required at luksOpen. This is a
> significant
> RAM increase compared to the previous defaults used in LUKS1.
Well that's by design of Argon2, to make brute force hashing much
harder for an attacker.

> For example many IoT and Pi devices have 1GB of ram in total, and
> thus
> would OOM kill when trying to luksOpen.
IoT devices typicall give a sh** about security (at least commercial
ones),... so why should the majority of users suffer greatly in their
security just to fulfill the anyway questionable needs of a small

> Please consider reducing the default memory requirement of the
> argon2i
> in luks2 by default, or switching to pbkdf2 for LUKS2 as well.
Or one could just disable the iterations altogether,... or switch do
faster MD5, or replace AES by even faster Caesar cipher...

If someone really thinks he needs the just "encrypted-label" attached
to their thing but doesn't care about actual security, the defaults can
always manually be lowered... but why should everyone suffer from this?

Debian should not further weaken the sane (and actually quite
conservative) defaults of upstream.

There's apparently already the decision made (against the explicit
recommendation from upstream) to overwrite the no-discard default.

Let's please try to not create even yet another debacle like Debian-
OpenSSL-RNG in dm-crypt/cryptsetup.


Reply via email to