>> I think diverging from upstream (and other distros) with respect to
>> default algorithms requires careful consideration. And in that case,
>> compared to PBKDF2 Argon2 has interesting properties (such as resistance
>> to GPU cracking) which would be a shame not to benefit from out of the
>>
On Thu, 14 Mar 2019 at 16:55, Guilhem Moulin wrote:
>
> > For example many IoT and Pi devices have 1GB of ram in total, and thus
> > would OOM kill when trying to luksOpen.
>
> Is that something you experienced? I just deployed a fresh a Debian sid
> VM with 2vCPUs, 1GiB RAM a default encryption
Control: tag -1 moreinfo
Hi Dimitri,
On Thu, 14 Mar 2019 at 12:36:13 +, Dimitri John Ledkov wrote:
> Currently the new cryptsetup defaults to LUKS2 format with the
> following parameters:
>
> Default PBKDF for LUKS2: argon2i
> Iteration time: 2000, Memory required: 1048576kB, Parallel
On Thu, 2019-03-14 at 12:36 +, Dimitri John Ledkov wrote:
> Meaning that 1GB of RAM is required at luksOpen. This is a
> significant
> RAM increase compared to the previous defaults used in LUKS1.
Well that's by design of Argon2, to make brute force hashing much
harder for an attacker.
> For
4 matches
Mail list logo