Hi kibi,

In https://bugs.debian.org/1032235#107 elbrus (CC'ed) asked for a t-p-u upload of cryptsetup to fix a potential major regression should bookworm's src:argon2 ever be rebuilt with the bookworm toolchain.

The version currently in sid, 2:2.6.1-3, also includes 2 upstream patches to mitigate #1028250. (“Mitigate”, because it only reduces the memory cost of the PBKDF on memory-constrained systems without swap. This only buys time, and Milan argued that such systems are better off using a non-memory hard PBKDF. I might propose a partman-crypto patch to that effect, but I guess it's too late for bookworm at this point.)

2:2.6.1-3 (sid) and 2:2.6.1-1 (testing) differ as such:

https://salsa.debian.org/cryptsetup-team/cryptsetup/-/compare/debian%2F2%252.6.1-1...debian%2F2%252.6.1-3

Would you rather have us exclude these backported upstream patches from the t-p-u upload or should we leave them in? Concretely these patches set the maximum memory cost at ~256M on a system with 1G RAM, so in practice the memory pressure never exceeds 75% during installation (tested with d-i bookworm alpha 2 with updated src:cryptsetup udebs, graphical install).

Cheers
--
Guilhem.