[dm-crypt] Several issues with cryptsetup 2.0.0

curve25519 at mailbox.org curve25519 at mailbox.org
Sun Jan 14 16:05:50 CET 2018


>> 1. The output of "sudo luksDump /dev/sdd1" looks pretty ok, except 
>> that Argon2i uses only the absolute minimum amount of RAM 131072 
>> KiB/128MiB. I read in one of Milans last posts on this list that 
>> --iteration-time takes precedence over the memory setting. But as
>> I used the default options with 8GB of RAM I would have expected 
>> something way more in line with the examples on parameter choice 
>> from the IRTF Argon Draft paper (p. 12f).
> 
> Debian experimental is currently at 2.0.0~rc1 version released on
> 1st November. There were some new commits after that, 
> https://anonscm.debian.org/cgit/pkg-cryptsetup/cryptsetup.git/log/ 
> i.e. default min memory cost for Argon was changed from 128MB to 1GB.
> You may want to build and test updated version from debian git.


Yes, I knew the default was updated to 1GB and 2000ms respectively
(which I mentioned later on).

I also know in our Argon2 implementation time cost takes precedence over
memory cost.  What struck me as weird is that while 1GB appears to be
the new considered safe minimum, it's also the default as well as the
maximum. I would have expected this parameter to be dynamically
calculated similar to the iterations setting.

But admittedly I could have phrased this better. Nonetheless, thank you
for your contribution.

Kind regards

Curve


More information about the dm-crypt mailing list