[pkg-cryptsetup-devel] Bug#536415: Bug#536415: cryptsetup: opening LUKS partitions takes several seconds

Marcus Better marcus at better.se
Fri Oct 23 11:55:18 UTC 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jonas Meurer wrote:
> On 23/10/2009 Marcus Better wrote:
>> Sorry, there is no difference whatsoever in this version.
> 
> yes, there is. there's a small speed increase in processing
> key/passphrase, and a huge speed increase for higher keyslots.

Well, let me rephrase that: "there is no difference whatsoever,
perceptible to me, for my setup".

I count wall clock time when the partitions are unlocked during boot,
and it still takes around 5 seconds per partition. There might be a
small increase but not enough to notice.

It only happens to one of my laptops, they have similar hardware and I
did not, to the best of my knowledge, tweak any LUKS parameters.

Here is the luksDump info. Maybe the number of iterations is too high?
Should I create a key with different parameters?

~# cryptsetup luksDump /dev/vg0/home
LUKS header information for /dev/vg0/home

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha1
Payload offset: 2056
MK bits:        256
MK digest:      eb cf 60 32 d9 b1 84 ff 92 3c e7 da ce b5 cf 33 c1 16 b9 d4
MK salt:        ce 90 80 93 e3 d8 6c 3f a5 a9 83 cc 6e 2f d8 60
                48 43 fe ab 66 c3 bc 65 50 72 b0 e2 66 64 e6 bc
MK iterations:  10
UUID:           ef49b938-cb47-412c-b441-b6940e6e69f3

Key Slot 0: ENABLED
        Iterations:             165980
        Salt:                   a9 9d cf 1d 95 30 d6 c3 66 6c 7c f5 07
a4 2b c9
                                46 b1 ce 45 93 f6 59 63 3d 71 c8 a0 8c
c0 18 42
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             435577
        Salt:                   4c 0e cf 30 06 3d 2e 85 09 e8 dc 90 4a
0f a7 bc
                                f4 d6 1a 18 38 8f f0 17 5b 48 5d d7 02
fd 1b a8
        Key material offset:    264
        AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED


> no further improvement seems to be possible with current implementation
> according to upstream.

Well, I have plenty of cryptographic software and they do not take five
seconds to decrypt a key.

> i suggest to reclose the bug for that reason. tagging this bug as
> wontfix doesn't seem appropriate to me. you could easily file bugs at
> random packages claiming that the software is to slow for you.

Trust me, when GnuPG or SSH start taking five seconds to unlock a key
from a passphrase I will file bugs there too.

Cheers,

Marcus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrhmaMACgkQXjXn6TzcAQk3awCgtYfJdSIhDdhSCAeVsLNt/QDt
qcIAoIAaKdQ0rAZ5NpwBMK70B0Nel8jS
=xc+e
-----END PGP SIGNATURE-----

More information about the pkg-cryptsetup-devel mailing list