On 16/09/18 00:08, procmem wrote:
> The recommended config paramters by Milan Broz:
>
> # cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id
> --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4
>
NO!
This was an example, as you asked how to setup keyslot
By the way, on new systems formatting encrypted volumes is done by
partman_crypto, which is outside src:cryptsetup. It's been proposed [0]
to pass `--type=luks2` to `luksFormat` there, but I'd much rather stick
to the upstream format version there too and wait for a version of the
cryptsetup
Package: cryptsetup
Version: 2:2.0.4-2
Severity: important
Dear Maintainer,
As part of my work on a downstream privacy distro I asked the cryptsetup
team on how to transition current LUKS1 systems to use the improved
argon2id algo for the PBKDF implementation when using LUKS2.
Background:
3 matches
Mail list logo