Re: [Tails-dev] thoughts about the persistence encryption

Author: Daniel Kahn Gillmor
Date:  
To: intrigeri, tails-dev
CC: goupille
Subject: Re: [Tails-dev] thoughts about the persistence encryption
On Thu 2015-02-19 06:25:35 -0500, intrigeri wrote:
> Hi,
>
> Daniel Kahn Gillmor wrote (18 Feb 2015 23:50:20 GMT) :
>> On Wed 2015-02-18 16:24:51 -0500, goupille wrote:
>>> iteration time: it is low for slow systems, and Tails is aimed to work
>>> on relatively slow systems; it should be increased
>
>> iteration time only has a cost during boot (persistence unlock). I
>> agree that spending extra cycles at boot is worthwhile.
>
> Agreed. For the Live system use case, tuning the number of iterations
> based on the speed of the machine where the LUKS device is initially
> created doesn't make much sense. IMO, ideally we would fix the
> iteration *count* ourselves.
>
> However, cryptsetup only supports setting the iteration *time*
> (with --iter-time), so next step would be to ensure there's a wishlist
> ticket in cryptsetup bug tracker to request a --iter-count or
> similar option.


here's the upstream bugtracker (requires a google account to post a ticket):

https://code.google.com/p/cryptsetup/issues/list

the code looks pretty straightforward if someone wants to work on a
patch.

git clone https://code.google.com/p/cryptsetup/

and take a look at:

lib/setup.c
lib/luks1/keymanage.c
lib/libcryptsetup.h
src/cryptsetup.c

--dkg
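
Added example, not part of the original message and not cryptsetup code: a simplified model of the point discussed in this thread, that a PBKDF2 iteration count derived from an iteration *time* depends on the machine that created the volume, while a fixed count does not. The rates, the fixed count, the floor and the choice of sha1 for the benchmark are constructed assumptions.

```python
import hashlib
import time

def measure_pbkdf2_rate(hash_name="sha1", probe_iters=20000):
    """Benchmark this host: PBKDF2 iterations per second (varies per machine)."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(hash_name, b"benchmark", b"\x00" * 32, probe_iters, 32)
    return probe_iters / (time.perf_counter() - start)

def iterations_for_time(iter_time_ms, rate_per_sec, floor=1000):
    """Time-based policy: the stored count follows the speed of whichever
    machine formatted the volume (floor is an assumed minimum)."""
    return max(floor, int(rate_per_sec * iter_time_ms / 1000))

def seconds_per_guess(iterations, rate_per_sec):
    """Cost of one passphrase attempt on a machine with the given rate."""
    return iterations / rate_per_sec

# Constructed rates in iterations/second, not measurements of real hardware.
SLOW_CREATOR = 50_000
FAST_CREATOR = 1_000_000
ATTACKER = 5_000_000
FIXED_COUNT = 1_000_000  # hypothetical value a project could pin itself

def compare(iter_time_ms=1000):
    """Return {policy: (stored count, attacker seconds per guess)}."""
    rows = {}
    for name, rate in (("slow", SLOW_CREATOR), ("fast", FAST_CREATOR)):
        count = iterations_for_time(iter_time_ms, rate)
        rows[name] = (count, seconds_per_guess(count, ATTACKER))
    rows["fixed"] = (FIXED_COUNT, seconds_per_guess(FIXED_COUNT, ATTACKER))
    return rows

if __name__ == "__main__":
    for name, (count, per_guess) in compare().items():
        print(f"{name:5s} count={count:>9d} attacker s/guess={per_guess:.3f}")
    print("this host:", int(measure_pbkdf2_rate()), "iterations/s")
```

In this model the volume formatted on the slow machine costs the attacker 20 times less per guess than the fixed-count volume, even though both were created with the same iteration time.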