Hash-iteration for plain dm-crypt, and move it to PBKDF2 as well
Issue 134 by wagner.a... on 2012-08-23 11:55:08:
Currently, plain dm-crypt does not do hash iteration for the passphrase entered. It may still be helpful in some contexts. In addition, it might be good to use PBKDF2 as well so as to have only one default key-derivation mechanism for plain dm-crypt and LUKS.
This could be done when moving LUKS to 2.0 spec or before. Can also be combined with moving plain dm-crypt to XTS mode as
default.
This requires two new parameters with default values.
Proposal:
--iter-count <num> #default: 10'000 (reasonable compromise)
--salt <string> #default: "plain dm-crypt salt"
--plain1 #old behaviour for backwards compat
--plain2 #new behaviour
Allow --plain1 to be made compile-time default, but put
--plain2 into the source distribution.
Salt to be hashed with password-hash before passing it to PBKDF2. Move default hash to sha256.
While time-based iteration is out for plain dm-crypt, it may also be a nice addition to have a benchmark option for PBKDF2 in order to be able to assess its speed on different platforms.
Proposal:
--benchmark-pbkdf2
Output:
Iterations per second.
All of this is low-priority, just a proposal for the next larger overhaul.