From c26bb0f38a929a948c59e7076d44c268d7334f22 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Tue, 20 Nov 2012 13:43:28 -0500
Subject: [PATCH] make default LUKS PBKDF2 iteration time configurable
---
 configure.in | 1 +
 src/cryptsetup.c | 10 ++++++----
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/configure.in b/configure.in
index 6b7a79b..ed84b2f 100644
--- a/configure.in
+++ b/configure.in
@@ -346,6 +346,7 @@ CS_STR_WITH([luks1-hash], [hash function for LUKS1 header], [sha1])
 CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
 CS_STR_WITH([luks1-mode], [cipher mode for LUKS1], [cbc-essiv:sha256])
 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
+CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000])
 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 0cc7f07..0cc7a49 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -44,7 +44,7 @@ static uint64_t opt_offset = 0;
 static uint64_t opt_skip = 0;
 static int opt_skip_valid = 0;
 static int opt_readonly = 0;
-static int opt_iteration_time = 1000;
+static int opt_iteration_time = DEFAULT_LUKS1_ITER_TIME;
 static int opt_version_mode = 0;
 static int opt_timeout = 0;
 static int opt_tries = 3;
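Review bot: Nothing visible in this patch rejects a zero or negative value for the new `CS_NUM_WITH([luks1-iter-time], ...)` option in configure.in before it becomes the initializer of `opt_iteration_time` in src/cryptsetup.c. The value is the PBKDF2 time cost applied when the user does not pass `--iter-time`, so a small build-time default lowers the effort needed to guess passphrases on every volume created with that binary. Whether `CS_NUM_WITH` validates its argument cannot be seen from the hunk. If it does not, and assuming `DEFAULT_LUKS1_ITER_TIME` is a config.h macro like the other `DEFAULT_*` values, a guard next to the initializer would catch a bad value at build time: `#if DEFAULT_LUKS1_ITER_TIME < 1` / `#error "luks1-iter-time must be a positive number of milliseconds"` / `#endif`. The option's help string could also state the trade-off, e.g. `[PBKDF2 iteration time for LUKS1 (in ms; lower values weaken passphrase protection)]`.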
@@ -1165,10 +1165,12 @@ static void help(poptContext popt_context,
 " optional key file for the new key for luksAddKey action\n"),
 crypt_get_dir());
- log_std(_("\nDefault compiled-in keyfile parameters:\n"
+ log_std(_("\nDefault compiled-in key and passphrase parameters:\n"
 "\tMaximum keyfile size: %dkB, "
- "Maximum interactive passphrase length %d (characters)\n"),
- DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX);
+ "Maximum interactive passphrase length %d (characters)\n"
+ "Default PBKDF2 iteration time for LUKS: %d (ms)\n"),
+ DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX,
+ DEFAULT_LUKS1_ITER_TIME);
 log_std(_("\nDefault compiled-in device cipher parameters:\n"
 "\tloop-AES: %s, Key %d bits\n"
-- 
2.7.4
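Review bot: The added help line `"Default PBKDF2 iteration time for LUKS: %d (ms)\n"` has no leading `\t`, while the `"\tMaximum keyfile size: %dkB, "` line under the same heading does, so the new entry prints flush left instead of indented with its sibling. It should read `"\tDefault PBKDF2 iteration time for LUKS: %d (ms)\n"`. The text says "LUKS" while the value printed is `DEFAULT_LUKS1_ITER_TIME` and the configure option is described as "for LUKS1", so "LUKS1" here would keep the two consistent. help() begins and ends outside the hunk.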