eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-16 13:20:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

make default LUKS PBKDF2 iteration time configurable

Browse Source
This commit is contained in:
Daniel Kahn Gillmor
2012-11-20 13:43:28 -05:00
committed by Milan Broz
parent 911ffe81f0
commit c26bb0f38a
2 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configure.in
View File

@@ -346,6 +346,7 @@ CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha1])
CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes]) CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256]) CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256])
CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256]) CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000])
CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes]) CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256]) CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])

10
src/cryptsetup.c
View File

@@ -44,7 +44,7 @@ static uint64_t opt_offset = 0;
static uint64_t opt_skip = 0; static uint64_t opt_skip = 0;
static int opt_skip_valid = 0; static int opt_skip_valid = 0;
static int opt_readonly = 0; static int opt_readonly = 0;
static int opt_iteration_time = 1000; static int opt_iteration_time = DEFAULT_LUKS1_ITER_TIME;
static int opt_version_mode = 0; static int opt_version_mode = 0;
static int opt_timeout = 0; static int opt_timeout = 0;
static int opt_tries = 3; static int opt_tries = 3;
@@ -1165,10 +1165,12 @@ static void help(poptContext popt_context,
"<key file> optional key file for the new key for luksAddKey action\n"), "<key file> optional key file for the new key for luksAddKey action\n"),
crypt_get_dir()); crypt_get_dir());
log_std(_("\nDefault compiled-in keyfile parameters:\n" log_std(_("\nDefault compiled-in key and passphrase parameters:\n"
"\tMaximum keyfile size: %dkB, " "\tMaximum keyfile size: %dkB, "
"Maximum interactive passphrase length %d (characters)\n"), "Maximum interactive passphrase length %d (characters)\n"
DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX); "Default PBKDF2 iteration time for LUKS: %d (ms)\n"),
DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX,
DEFAULT_LUKS1_ITER_TIME);
log_std(_("\nDefault compiled-in device cipher parameters:\n" log_std(_("\nDefault compiled-in device cipher parameters:\n"
"\tloop-AES: %s, Key %d bits\n" "\tloop-AES: %s, Key %d bits\n"