[dm-crypt] Add --iter-count in order to not use --iter-time
ollieparanoid at bitmessage.ch
Tue Sep 19 22:43:00 CEST 2017
Dear cryptsetup developers,
we are working on a project where we are building a Linux distro targeting older
mobile devices (e.g. armhf arch). The OS image is built and luksFormat is
executed on a modern CPU before being moved to the older device, resulting in a
very high iter count. This is problematic because it typically takes the older
device tens of seconds in some cases to open the luks partition (for reasons you
point out in the FAQ). Using -iter-time is not really a good option since the
types of 'modern cpus' where the distro image can be built is quite varied
(multiple project devs, etc).
(NOTE: I took the liberty to copy-paste and the above text from Clayton Craft,
who is involved in the same project, from here:
The problem described above would be solved with a new command-line option for
the cryptsetup utility, that allows to directly specify the iteration count.
* Would it be feasible for you to implement this feature any time soon?
* Would you accept a patch if we gave it a shot (we might need some guidance
PS: I've noted that you can only send to this mailing list, when you are subscribed,
and to subscribe, one must register over a non-TLS secured HTTP connection (which
of course makes trivial MITM attacks possible).
More information about the dm-crypt