Bug#621791: Please support setting LUKS options for speed/brute-forcing tradeoff

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#621791: Please support setting LUKS options for speed/brute-forcing tradeoff
From: Josh Triplett <josh@joshtriplett.org>
Date: Fri, 08 Apr 2011 15:09:21 -0700
Message-id: <[🔎] 20110408220921.5608.38552.reportbug@feather>
Reply-to: Josh Triplett <josh@joshtriplett.org>, 621791@bugs.debian.org

Package: partman-crypto
Severity: wishlist

LUKS tunes its passphrase handling (the number of iterations for the
PBKDF2 algorithm) to ensure that attempting to use a particular
passphrase will take a minimum amount of time, to make brute-forcing
much more difficult.  By default, LUKS tunes this to take approximately
one second on the current machine.  However, LUKS supports configuring
the desired number of milliseconds, to trade off between speed and
protection from brute-forcing.  Please support setting this option when
creating an encrypted volume during installation.

Thanks,
Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Prev by Date: Bug#621788: Please support encryption without separate /boot, with encryption support in current GRUB2
Next by Date: Bug#621393: debian-installer: checksum cmdline alias
Previous by thread: Bug#621788: Please support encryption without separate /boot, with encryption support in current GRUB2
Next by thread: D-I daily builds for mips stopped?
Index(es):
- Date
- Thread