Package: cryptsetup
Version: 2:1.7.3-3
Severity: normal

Dear Maintainer,

At /usr/share/initramfs-tools/scripts/local-top/cryptroot there is the following piece of code:

    failsleep=60 # make configurable later?

    if [ "$cryptrootdev" = "yes" ] && [ $crypttries -gt 0 ] && [ $count -ge $crypttries ]; then
        message "cryptsetup ($crypttarget): maximum number of tries exceeded"
        message "cryptsetup: going to sleep for $failsleep seconds..."
        sleep $failsleep
        exit 1
    fi

Cryptsetup is designed to resist a multimillion brute force attack, having the whole hard disk and a lot of time, thus I can't see how limiting user input to 3 tries/minute would improve security, rather than annoy users.

If one has a weak password that that limit would save from being cracked, he does not use disk encryption correctly, and probably simply needs a GRUB password or something like that.

Mistakenly, I reported this bug to upstream first:
https://gitlab.com/cryptsetup/cryptsetup/issues/311

Sincerely,
Semion