Auteur: Daniel Kahn Gillmor Date: À: intrigeri, tails-dev CC: goupille Sujet: Re: [Tails-dev] thoughts about the persistence encryption
On Thu 2015-02-19 06:25:35 -0500, intrigeri wrote: > Hi,
>
> Daniel Kahn Gillmor wrote (18 Feb 2015 23:50:20 GMT) :
>> On Wed 2015-02-18 16:24:51 -0500, goupille wrote:
>>> iteration time: it is low for slow systems, and Tails is aimed to work
>>> on relatively slow systems it should be increased
>
>> iteration time only has a cost during boot (persistence unlock). I
>> agree that spending extra cycles at boot is worthwhile.
>
> Agreed. For the Live system use case, tuning the number of iterations
> based on the speed of the machine where the LUKS device is initially
> created doesn't make much sense. IMO, ideally we would fix the
> iteration *count* ourselves.
>
> However, cryptsetup only supports setting the iteration *time*
> (with --iter-time), so next step would be to ensure there's a wishlist
> ticket in cryptsetup bug tracker to request a --iter-count or
> similar option.
here's the upstream bugtracker (requires a google account to post a ticket):