Package: cryptsetup
Version: 2:2.0.4-2
Severity: important
Dear Maintainer,

As part of my work on a downstream privacy distro I asked the cryptsetup team how to transition current LUKS1 systems to use the improved argon2id algorithm for the PBKDF implementation when using LUKS2.

Background: While quantum computing does not have any advantage in speeding up brute-forcing of PBKDF hashes, it has a direct impact on passphrase length. Using a 20-word diceware passphrase will be needed for post-quantum passphrase entropy of 256 bits. This is excessive and very difficult for most users to manage, hence the importance of the PBKDF for anti-brute-forcing. The current SHA-256 PBKDF used in LUKS1 is trivial to parallelize by adversaries who have large GPU computational power, making it a useless countermeasure and leading users to rely on passphrase length as their only protection.

***

It would be great if all newly installed systems running Buster and beyond used LUKS2 and argon2id out of the box instead of having users optionally opt for a safer configuration.

The recommended config parameters by Milan Broz:

# cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 <device>

Original full reply:
[0] https://www.saout.de/pipermail/dm-crypt/2018-September/005968.html

Thanks
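The conversion described in the report, worked through as an added example that is neither part of the bug report nor code shipped by cryptsetup. The script reads `cryptsetup luksDump` output, lists the keyslots whose passphrase is still stretched with PBKDF2, and prints the commands that move each of them to argon2id with the parameters quoted above. The two dumps embedded in it are constructed samples trimmed to the lines the script reads (hashes and salts elided), the device path /dev/sdb2 is a placeholder, and the function names (luks_version, pbkdf2_keyslots, convert_cmd, plan) are the example's own.

```shell
#!/bin/sh
# Added example, not from the bug report or from cryptsetup: plan the move of
# LUKS keyslots from PBKDF2 to argon2id using the report's parameters.
# The dumps below are constructed samples, trimmed to the lines the script reads.

LUKS2_DUMP=$(cat <<'EOF'
LUKS header information
Version:        2
Epoch:          5

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1234567
  1: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      argon2id
        Time cost:  50
        Memory:     1048576
        Threads:    4
  3: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 2000000
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 119304
EOF
)

LUKS1_DUMP=$(cat <<'EOF'
LUKS header information for /dev/sdb2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
MK bits:        512

Key Slot 0: ENABLED
        Iterations:             1234567
Key Slot 1: DISABLED
Key Slot 2: ENABLED
        Iterations:             1234567
Key Slot 3: DISABLED
EOF
)

# Header version from a luksDump on stdin: "Version:   2" -> 2
luks_version() {
    awk '/^Version:/ { print $2; exit }'
}

# Keyslot numbers still protected by PBKDF2. Only the "Keyslots:" section is read:
# the "Digests:" section also says pbkdf2, but that digest only checks the random
# 512-bit volume key and is not a passphrase brute-force target. A LUKS1 header has
# no per-slot PBKDF line because every ENABLED slot there is PBKDF2.
pbkdf2_keyslots() {
    awk '
        /^Version:/                                  { version = $2 }
        version == 1 && /^Key Slot [0-9]+: ENABLED/  { s = $3; sub(":", "", s); print s }
        /^Keyslots:/                                 { insec = 1; next }
        /^(Tokens|Digests):/                         { insec = 0 }
        insec && /^  [0-9]+: /                       { s = $1; sub(":", "", s) }
        insec && /^[[:space:]]*PBKDF:/               { if ($2 == "pbkdf2") print s }
    '
}

# The report's argon2id parameters for one keyslot. --pbkdf-memory is in KiB, so
# 1048576 is 1 GiB that must be free wherever the slot is unlocked, initramfs
# included; lower it on small machines rather than dropping argon2id.
convert_cmd() {
    printf 'cryptsetup luksConvertKey --key-slot %s --pbkdf argon2id' "$1"
    printf ' --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 %s\n' "$2"
}

# Reads a luksDump on stdin and prints, in order, the commands to run for device $1.
# A LUKS1 header must become LUKS2 first, and the header backup comes before anything
# else; luksConvertKey then asks for the existing passphrase of each slot it rewrites.
plan() {
    dev=$1
    dump=$(cat)
    echo "cryptsetup luksHeaderBackup $dev --header-backup-file luks-header.bak"
    if [ "$(printf '%s\n' "$dump" | luks_version)" = 1 ]; then
        echo "cryptsetup convert --type luks2 $dev"
    fi
    for slot in $(printf '%s\n' "$dump" | pbkdf2_keyslots); do
        convert_cmd "$slot" "$dev"
    done
}

# Demo on the constructed LUKS1 sample. For a real device:
#   cryptsetup luksDump /dev/sdX2 | plan /dev/sdX2
printf '%s\n' "$LUKS1_DUMP" | plan /dev/sdb2
```

The script only prints commands; nothing touches a device until the operator runs them. Each printed luksConvertKey rewrites one slot in place and prompts for that slot's current passphrase, so a slot whose passphrase is unknown is better removed with luksKillSlot than left on PBKDF2. After the run, piping luksDump through pbkdf2_keyslots again should print nothing.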