Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-11-27 Thread Ondrej Kozina
On Tue, 26 Mar 2019 10:42:29 +0100 Ondrej Kozina wrote: On Thu, 14 Mar 2019 19:43:26 +0100 Guilhem Moulin wrote: > Hi Milan, > > On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote: > > (...) > > FYI we know about that parallel unlocking problem already and we are trying > > to find

Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-26 Thread Ondrej Kozina
On Thu, 14 Mar 2019 19:43:26 +0100 Guilhem Moulin wrote: Hi Milan, On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote: > (...) > FYI we know about that parallel unlocking problem already and we are trying > to find (with systemd people) some solution (perhaps based on cgroups memory

Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Guilhem Moulin
Hi Milan, On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote: >>> I think diverging from upstream (and other distros) with respect to >>> default algorithms requires careful consideration. And in that case, >>> compared to PBKDF2 Argon2 has interesting properties (such as resistance >>> to

Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Guilhem Moulin
Control: tag -1 + wontfix Control: tag -1 - moreinfo Control: severity -1 normal On Thu, 14 Mar 2019 at 17:31:05 +, Dimitri John Ledkov wrote: > On Thu, 14 Mar 2019 at 16:55, Guilhem Moulin wrote: >> AFAICT it does. What I guess doesn't is if the machine's resources are >> significantly

Bug#924560: [pkg-cryptsetup-devel] Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Milan Broz
>> I think diverging from upstream (and other distros) with respect to >> default algorithms requires careful consideration. And in that case, >> compared to PBKDF2 Argon2 has interesting properties (such as resistance >> to GPU cracking) which would be a shame not to benefit from out of the >>

Bug#924560: [pkg-cryptsetup-devel] Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Dimitri John Ledkov
On Thu, 14 Mar 2019 at 16:55, Guilhem Moulin wrote: > > > For example many IoT and Pi devices have 1GB of ram in total, and thus > > would OOM kill when trying to luksOpen. > > Is that something you experienced? I just deployed a fresh Debian sid > VM with 2vCPUs, 1GiB RAM a default encryption

Bug#924560: [pkg-cryptsetup-devel] Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Guilhem Moulin
Control: tag -1 moreinfo Hi Dimitri, On Thu, 14 Mar 2019 at 12:36:13 +, Dimitri John Ledkov wrote: > Currently the new cryptsetup defaults to LUKS2 format with the > following parameters: > > Default PBKDF for LUKS2: argon2i > Iteration time: 2000, Memory required: 1048576kB, Parallel

Bug#924560: [pkg-cryptsetup-devel] Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Christoph Anton Mitterer
On Thu, 2019-03-14 at 12:36 +, Dimitri John Ledkov wrote: > Meaning that 1GB of RAM is required at luksOpen. This is a > significant > RAM increase compared to the previous defaults used in LUKS1. Well that's by design of Argon2, to make brute force hashing much harder for an attacker. > For

Bug#924560: cryptsetup luksOpen requires 1GB of RAM in the default configuration

2019-03-14 Thread Dimitri John Ledkov
Package: cryptsetup Version: 2:2.1.0-1 Severity: important Dear Maintainer, Currently the new cryptsetup defaults to LUKS2 format with the following parameters: Default PBKDF for LUKS2: argon2i Iteration time: 2000, Memory required: 1048576kB, Parallel threads: 4 Meaning that 1GB of RAM is