On 11/02/2020 22:53, Daniel Kiper wrote: > Adding Milan, Leif, Alex, Peter, Mathew and Vladimir. > > On Thu, Feb 06, 2020 at 03:27:28PM +0100, Patrick Steinhardt wrote: >> Hi, >> >> as promised back when LUKS2 support was merged, here's the code that >> enables decrypting LUKS2 partitions that use Argon2 as their key derival >> function. Most of this is simple legwork, but I expect two things to be >> potentially controversial: >> >> - I've changed how EFI allocates memory. On my test systems, I was >> only able to allocate roughly 800MB, which isn't enough for the >> default of 1GB memory parameter that cryptsetup uses with Argon2. >> Instead of taking a quarter of available memory, we now take half >> of it, which amounts to ~1.6GB on 32 bit systems. > > That is huge for the bootloader. What about systems with less than 3 GiB of > RAM? > Could we reduce amount of RAM required by Argon2?
No, this is the principle of memory-hard function :) The primary reason is to increase attacker cost for dictionary attacks. Anyway, there are some limits in cryptsetup - we try to never use more than half of physical memory and maximum is hard-compiled to 4GiB. (But physical memory limit applies when formatting device, then is stored in the LUKS2 keyslot header. So if you format it on device with much larger RAM and it is later not available, it fails to open. It is more complicated though - we have benchmark during format that prioritize unlocking time, so PBKDF memory is usually decreased on low-memory systems anyway.) > >> - The import of Argon2 itself. I've imported code from the >> cryptsetup project, but I've modified it quite a bit to fit into > > Milan mentioned something about libgcrypt. Milan, when the Argon2 code > may land in libgcrypt? Once we have volunteer to implement it / port it to gcrypt :-) BTW if you have embedded Argon2 code, you should also add some test vectors to your testsuite. (You can use these we have in cryptsetup - see tests/crypto-vectors.c) Milan _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
