When calculating iterations for pbkdf of the key slot
data, we had a /= 2, which was copied from identical
code in cryptsetup. It was always unclear & undocumented
by cryptsetup had this division and it was recently
removed too.
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
---
crypto/block-luks.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 11047fa..7d5893a 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1154,9 +1154,6 @@ qcrypto_block_luks_create(QCryptoBlock *block,
/* iter_time was in millis, but count_iters reported for secs */
iters /= 1000;
- /* Why /= 2 ? That matches cryptsetup, but there's no
- * explanation why they chose /= 2... */
- iters /= 2;
if (iters > UINT32_MAX) {
error_setg(errp, "Too many PBKDF iterations for LUKS format");
goto error;
--
2.7.4
