Bug#1028250: debian-installer: broken cryptsetup support

Fri, 21 Apr 2023 14:27:15 -0700 

On Fri, 21 Apr 2023 at 12:25:29 +0200, Guilhem Moulin wrote:
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
> 2:2.6.1-4~deb12u1,
> graphical install), 1024M RAM:
> 
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  10
>               Memory:     223780
>               Threads:    2
>       root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  8
>               Memory:     490598
>               Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
> 2:2.6.1-4~deb12u1,
> text install), 1024M RAM:
> 
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  8
>               Memory:     294302
>               Threads:    2
>       root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  8
>               Memory:     490598
>               Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
> 2:2.6.1-4~deb12u1,
> text install), 2048M RAM:
> 
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  4
>               Memory:     590553
>               Threads:    2
>       root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  4
>               Memory:     1005926
>               Threads:    2
> 
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
> 2:2.6.1-4~deb12u1,
> text install), 4096M RAM:
> 
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  4
>               Memory:     613826
>               Threads:    2
>       root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
>       root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
>               PBKDF:      argon2id
>               Time cost:  4
>               Memory:     1048576
>               Threads:    2
>
> […]
> * I was surprised to see the memory cost settle at ~550-600M on systems
>  with a decent amount of RAM in d-i.  Would have expected to see 1G
>  here just like after running `cryptsetup luksConvertKey` in the
>  normal system.

libargon2-1-udeb bug filed at #1034696.  For the sake of completion, here are
updated benchmark results after injecting src:argon2=0~20171227-0.3+deb12u1
(debdiff attached to the aforementioned bug) into the ISO:

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, graphical install), 1024M RAM:

        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  19
                Memory:     219508
                Threads:    2
        root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  8
                Memory:     490598
                Threads:    2
        ## higher memory cost expected: graphical install without swap vs.
        ## minimal headless target system

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 1024M RAM:

        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  14
                Memory:     293158
                Threads:    2
        root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  8
                Memory:     490598
                Threads:    2
        ## higher memory cost expected: install without swap vs. minimal 
headless
        ## target system

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 2048M RAM:

        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  5
                Memory:     801560
                Threads:    2
        root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  4
                Memory:     1005926
                Threads:    2

Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup 
2:2.6.1-4~deb12u1
+ argon2 0~20171227-0.3+deb12u1, text install), 4096M RAM:

        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  4
                Memory:     1048576
                Threads:    2
        root@debian:~# cryptsetup luksConvertKey /dev/vda5 <<<test
        root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
                PBKDF:      argon2id
                Time cost:  4
                Memory:     1048576
                Threads:    2

As one can see the benchmark results are now in line with expectations,
both in and outside d-i :-)  (For the 2G case setting the memory cost to
1G would actually be viable, but it's a bit lower since the limit is
half the amount of available memory rather than “if there is more than
1G RAM available then set the max cost to 1G, otherwise set it to
$FREE_MEM/2”.)
-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply via email to