[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1028250: debian-installer: broken cryptsetup support

On Fri, 21 Apr 2023 at 12:25:29 +0200, Guilhem Moulin wrote:
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1,
> graphical install), 1024M RAM:
> 
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  10
> 		Memory:     223780
> 		Threads:    2
> 	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  8
> 		Memory:     490598
> 		Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1,
> text install), 1024M RAM:
> 
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  8
> 		Memory:     294302
> 		Threads:    2
> 	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  8
> 		Memory:     490598
> 		Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1,
> text install), 2048M RAM:
> 
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  4
> 		Memory:     590553
> 		Threads:    2
> 	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  4
> 		Memory:     1005926
> 		Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1,
> text install), 4096M RAM:
> 
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  4
> 		Memory:     613826
> 		Threads:    2
> 	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
> 	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> 		PBKDF:      argon2id
> 		Time cost:  4
> 		Memory:     1048576
> 		Threads:    2
>
> […]
> * I was surprised to see the memory cost settle at ~550-600M on systems
>  with a decent amount of RAM in d-i.  Would have expected to see 1G
>  here just like after running `cryptsetup luksConvertKey` in the
>  normal system.

libargon2-1-udeb bug filed at #1034696.  For the sake of completion, here are
updated benchmark results after injecting src:argon2=0~20171227-0.3+deb12u1
(debdiff attached to the aforementioned bug) into the ISO:

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, graphical install), 1024M RAM:

	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  19
		Memory:     219508
		Threads:    2
	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  8
		Memory:     490598
		Threads:    2
	## higher memory cost expected: graphical install without swap vs.
	## minimal headless target system

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 1024M RAM:

	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  14
		Memory:     293158
		Threads:    2
	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  8
		Memory:     490598
		Threads:    2
	## higher memory cost expected: install without swap vs. minimal headless
	## target system

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 2048M RAM:

	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  5
		Memory:     801560
		Threads:    2
	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  4
		Memory:     1005926
		Threads:    2

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 4096M RAM:

	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  4
		Memory:     1048576
		Threads:    2
	root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
	root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
		PBKDF:      argon2id
		Time cost:  4
		Memory:     1048576
		Threads:    2

As one can see the benchmark results are now in line with expectations,
both in and outside d-i :-)  (For the 2G case setting the memory cost to
1G would actually be viable, but it's a bit lower since the limit is
half the amount of available memory rather than “if there is more than
1G RAM available then set the max cost to 1G, otherwise set it to
$FREE_MEM/2”.)
-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply to: