On Tue, 26 Mar 2019 10:42:29 +0100 Ondrej Kozina wrote:
On Thu, 14 Mar 2019 19:43:26 +0100 Guilhem Moulin
wrote:
> Hi Milan,
>
> On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote:
> > (...)
> > FYI we know about that parallel unlocking problem already and we are trying
> > to find
On Thu, 14 Mar 2019 19:43:26 +0100 Guilhem Moulin
wrote:
Hi Milan,
On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote:
> (...)
> FYI we know about that parallel unlocking problem already and we are trying
> to find (with systemd people) some solution (perhaps based on cgroups memory
Hi Milan,
On Thu, 14 Mar 2019 at 19:22:42 +0100, Milan Broz wrote:
>>> I think diverging from upstream (and other distros) with respect to
>>> default algorithms requires careful consideration. And in that case,
>>> compared to PBKDF2 Argon2 has interesting properties (such as resistance
>>> to
Control: tag -1 + wontfix
Control: tag -1 - moreinfo
Control: severity -1 normal
On Thu, 14 Mar 2019 at 17:31:05 +, Dimitri John Ledkov wrote:
> On Thu, 14 Mar 2019 at 16:55, Guilhem Moulin wrote:
>> AFAICT it does. What I guess doesn't is if the machine's resources are
>> significantly
>> I think diverging from upstream (and other distros) with respect to
>> default algorithms requires careful consideration. And in that case,
>> compared to PBKDF2 Argon2 has interesting properties (such as resistance
>> to GPU cracking) which would be a shame not to benefit from out of the
>>
On Thu, 14 Mar 2019 at 16:55, Guilhem Moulin wrote:
>
> > For example many IoT and Pi devices have 1GB of ram in total, and thus
> > would OOM kill when trying to luksOpen.
>
> Is that something you experienced? I just deployed a fresh a Debian sid
> VM with 2vCPUs, 1GiB RAM a default encryption
Control: tag -1 moreinfo
Hi Dimitri,
On Thu, 14 Mar 2019 at 12:36:13 +, Dimitri John Ledkov wrote:
> Currently the new cryptsetup defaults to LUKS2 format with the
> following parameters:
>
> Default PBKDF for LUKS2: argon2i
> Iteration time: 2000, Memory required: 1048576kB, Parallel
On Thu, 2019-03-14 at 12:36 +, Dimitri John Ledkov wrote:
> Meaning that 1GB of RAM is required at luksOpen. This is a
> significant
> RAM increase compared to the previous defaults used in LUKS1.
Well that's by design of Argon2, to make brute force hashing much
harder for an attacker.
> For
Package: cryptsetup
Version: 2:2.1.0-1
Severity: important
Dear Maintainer,
Currently the new cryptsetup defaults to LUKS2 format with the
following parameters:
Default PBKDF for LUKS2: argon2i
Iteration time: 2000, Memory required: 1048576kB, Parallel threads: 4
Meaning that 1GB of RAM is
9 matches
Mail list logo