[pkg-cryptsetup-devel] Bug#908917: cryptsetup: argon2id as default PBKDF setting for new installs - Buster+
procmem
procmem at riseup.net
Sat Sep 15 23:08:00 BST 2018
Package: cryptsetup
Version: 2:2.0.4-2
Severity: important
Dear Maintainer,
As part of my work on a downstream privacy distro I asked the cryptsetup
team on how to transition current LUKS1 systems to use the improved
argon2id algo for the PBKDF implementation when using LUKS2.
Background:
While quantum computing does not have any advantage in speeding up
bruteforcing of PBKDF hashes they have a direct impact on passphrase
length. Using a 20 word diceware passphrase will be needed for
post-quantum passphase entropy of 256 bits. This is excessive and very
difficult for most users to manage hence the importance of PBKDF for
anti-bruteforcing.
The current sha256 PBKDF used in LUKS1 is trivial to parallelize by
adversaries who have large GPU computational power, making it a useless
countermeasure and leading users to rely on passphrase lenth for only
protection.
***
It would be great if all newly installed systems running Buster and
beyond used LUKS2 and argon2id out of the box instead of having users
optionally opt for a safer configuration.
The recommended config paramters by Milan Broz:
# cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id
--pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4
<device>
Original full reply:
[0] https://www.saout.de/pipermail/dm-crypt/2018-September/005968.html
Thanks
More information about the pkg-cryptsetup-devel
mailing list