mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
cryptsetup-util: disable pbkdf benchmark in cryptsetup_set_minimal_pbkdf.
There is no need to benchmark the PBKDF when asking for minimal values anyway. An iteration count of 1000 is the minimum for both LUKS1 and LUKS2 pbkdf2 keyslot parameters according to NIST SP 800-132, ch. 5.2. The iteration count cannot be lower than the recommended minimum when the benchmark is disabled. The time_ms member is ignored when the benchmark is disabled.
parent
7dba77a67e
commit
358b1f68b0
@ -123,11 +123,15 @@ void cryptsetup_enable_logging(struct crypt_device *cd) {
|
||||
|
||||
int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {
|
||||
|
||||
/* With CRYPT_PBKDF_NO_BENCHMARK flag set .time_ms member is ignored
|
||||
* while .iterations must be set at least to recommended minimum value. */
|
||||
|
||||
static const struct crypt_pbkdf_type minimal_pbkdf = {
|
||||
.hash = "sha512",
|
||||
.type = CRYPT_KDF_PBKDF2,
|
||||
.iterations = 1,
|
||||
.time_ms = 1,
|
||||
.iterations = 1000, /* recommended minimum count for pbkdf2
|
||||
* according to NIST SP 800-132, ch. 5.2 */
|
||||
.flags = CRYPT_PBKDF_NO_BENCHMARK
|
||||
};
|
||||
|
||||
int r;
|
||||
|
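Review bot: The comment added above `minimal_pbkdf` documents the libcryptsetup constraint (`.time_ms` ignored, `.iterations` at the floor) but not when this parameter set is safe to apply. 1000 PBKDF2 iterations is the SP 800-132 minimum and provides essentially no stretching for a human-chosen passphrase. The callers are not visible here, so presumably the function is only used for keyslots whose secret is already high-entropy. I would state that precondition next to the struct, e.g. `/* Only for keyslots protected by high-entropy, machine-generated secrets; never for user-chosen passphrases. */`. As a style point, `.flags = CRYPT_PBKDF_NO_BENCHMARK` is the only initializer without a trailing comma. The body of `cryptsetup_set_minimal_pbkdf` continues past the end of the hunk.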