[pkg-cryptsetup-devel] Bug#908917: cryptsetup: argon2id as default PBKDF setting for new installs - Buster+

procmem procmem at riseup.net
Sat Sep 15 23:08:00 BST 2018


Package: cryptsetup
Version: 2:2.0.4-2
Severity: important


Dear Maintainer,

As part of my work on a downstream privacy distro I asked the cryptsetup
team how to transition current LUKS1 systems to use the improved
argon2id algo for the PBKDF implementation when using LUKS2.

Background:
While quantum computing does not have any advantage in speeding up
bruteforcing of PBKDF hashes, it has a direct impact on passphrase
length. A 20-word diceware passphrase will be needed for
post-quantum passphrase entropy of 256 bits. This is excessive and very
difficult for most users to manage, hence the importance of PBKDF for
anti-bruteforcing.

The current sha256 PBKDF used in LUKS1 is trivial to parallelize by
adversaries who have large GPU computational power, making it a useless
countermeasure and leading users to rely on passphrase length as their
only protection.



***

It would be great if all newly installed systems running Buster and
beyond used LUKS2 and argon2id out of the box instead of having users
optionally opt for a safer configuration.

The recommended config parameters by Milan Broz:

  # cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 <device>


Original full reply:
[0] https://www.saout.de/pipermail/dm-crypt/2018-September/005968.html


Thanks
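
Added example (not part of the original report, and not cryptsetup's own code): a shell check that reads `cryptsetup luksDump <device>` text and reports which LUKS2 keyslots are not yet on the argon2id PBKDF the report asks for. The function names and the sample dump are constructed for illustration; the sample assumes the field layout printed by cryptsetup 2.x.

```shell
#!/bin/sh
# Prints one line per keyslot: "<slot> <pbkdf> <memory-KiB|-> <ok|convert>".
audit_keyslots() {
    awk '
        /^Keyslots:/      { in_ks = 1; next }
        # Any other top-level heading (Tokens:, Digests:) ends the section.
        # Digest entries also mention pbkdf2 and must not be read as keyslots.
        /^[A-Za-z]/       { flush(); in_ks = 0; next }
        !in_ks            { next }
        /^[ \t]*[0-9]+: / { flush(); slot = $1; sub(":", "", slot); next }
        /^[ \t]*PBKDF:/   { pbkdf = $2 }
        /^[ \t]*Memory:/  { mem = $2 }
        END               { flush() }
        function flush() {
            if (slot == "") return
            verdict = (pbkdf == "argon2id") ? "ok" : "convert"
            printf "%s %s %s %s\n", slot, pbkdf, (mem == "" ? "-" : mem), verdict
            slot = ""; pbkdf = ""; mem = ""
        }
    '
}

# Constructed sample input (assumed luksDump layout, trimmed to relevant fields).
sample_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        PBKDF:      argon2id
        Time cost:  50
        Memory:     1048576
        Threads:    4
  1: luks2
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000
  2: luks2
        PBKDF:      argon2i
        Memory:     1048576
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

sample_dump | audit_keyslots
```

On a real system the input would come from `cryptsetup luksDump <device>`; slots marked `convert` are the candidates for the `luksConvertKey` command quoted above.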
