[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 5/6] crypto: increase default pbkdf2 time for lu
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH 5/6] crypto: increase default pbkdf2 time for luks to 2 seconds |
Date: |
Thu, 8 Sep 2016 12:53:10 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 09/08/2016 11:27 AM, Daniel P. Berrange wrote:
> cryptsetup recently increased the default pbkdf2 time to 2 seconds
> to partially mitigate improvements in hardware performance wrt
> brute-forcing the pbkdf algorithm. This updates QEMU defaults to
> match.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> crypto/block-luks.c | 2 +-
> qapi/crypto.json | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> +++ b/qapi/crypto.json
> @@ -187,7 +187,7 @@
> # Currently defaults to 'sha256'
> # @iter-time: #optional number of milliseconds to spend in
> # PBKDF passphrase processing. Currently defaults
> -# to 1000. Since 2.8
> +# to 2000. Since 2.8
Possible merge conflicts if you address my comments in earlier patches,
but those are trivial.
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- Re: [Qemu-devel] [PATCH 1/6] crypto: make PBKDF iterations configurable for LUKS format, (continued)
- [Qemu-devel] [PATCH 3/6] crypto: use correct derived key size when timing pbkdf, Daniel P. Berrange, 2016/09/08
- [Qemu-devel] [PATCH 6/6] crypto: support more hash algorithms for pbkdf, Daniel P. Berrange, 2016/09/08
- [Qemu-devel] [PATCH 4/6] crypto: remove bogus /= 2 for pbkdf iterations, Daniel P. Berrange, 2016/09/08
- [Qemu-devel] [PATCH 5/6] crypto: increase default pbkdf2 time for luks to 2 seconds, Daniel P. Berrange, 2016/09/08
- Re: [Qemu-devel] [PATCH 5/6] crypto: increase default pbkdf2 time for luks to 2 seconds,
Eric Blake <=
- Re: [Qemu-devel] [PATCH 0/6] crypto: misc tweaks & improvements to pbkdf code, no-reply, 2016/09/08