Date: Sat, 21 Nov 2009 18:26:27 +0100
From: Arno Wagner
Message-ID: <20091121172627.GA3737@tansi.org>
References: <20091118102515.GB30910@tansi.org> <4B03D865.8070905@redhat.com>
 <4B03F5F2.9080609@redhat.com> <20091119074104.GC8694@tansi.org>
 <20091119092107.GA7875@fancy-poultry.org> <20091119122445.GA10856@tansi.org>
 <20091119130028.GA9415@fancy-poultry.org> <4B068840.6070508@redhat.com>
 <20091121104732.GA560@tansi.org> <4B07DFA5.6030303@gmx.net>
In-Reply-To: <4B07DFA5.6030303@gmx.net>
Subject: Re: [dm-crypt] different default key sizes for CREATE and LUKSFORMAT
To: dm-crypt@saout.de

On Sat, Nov 21, 2009 at 01:40:05PM +0100, Stefan Xenon wrote:
> > Good idea, I like it. However use the same time as for the keyslots.
> > There is really no reason to have one use less iterations than
> > the other.
> >
> > The two iterations are linked security-wise, so treating them the same
> > makes sense.
> >
> > Incidentally, it should only add the time once, there is only
> > one Master Key.
>
> Sounds good for me as well. While I don't know the details I am
> wondering if the result may be influenced by other processes executed at
> the same time. This means, when heavy processes are running in the
> background (e.g. compilation), the iteration calculation may become
> slower and thus the amount of iterations smaller as it would be
> normally. Please note that I don't know the implementation details but
> just want to point out this theoretical problem.

Should not be an issue. If done right, this is CPU milliseconds,
not elapsed milliseconds. And being off by 50% does not matter
a lot in this application anyways.

> Also the possibility to recalculate the iterations might be useful,
> after an upgrade of the computer (but with remaining storage device).
> Especially external hard drives might be in use for more years compared
> to the CPU.

That is done on reformat, which also is really the only simple
way to change such a setting. On the other hand, the used values
are already intended for "many years", so I think this is not a
concern.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
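
Added illustration (not part of the original message and not cryptsetup's code) of the CPU-time versus elapsed-time point in the reply above: a PBKDF2 iteration calibrator with an injectable clock. The function names, parameters, sample passphrase and the choice of SHA-1 are assumptions made for this example.

```python
import hashlib
import time


def calibrate(target_ms, clock=time.process_time, probe_iters=20000, min_iters=1000):
    """Estimate the PBKDF2 iteration count that costs about target_ms on `clock`."""
    # Constructed sample inputs; only the cost of the hashing matters here.
    password, salt = b"constructed passphrase", b"constructed salt"
    iters = probe_iters
    while True:
        start = clock()
        hashlib.pbkdf2_hmac("sha1", password, salt, iters, dklen=32)
        elapsed = clock() - start
        if elapsed >= 0.05:  # sample long enough to outweigh clock granularity
            break
        iters *= 2           # too short to trust (possibly 0): probe longer
    per_second = iters / elapsed
    # Never go below a fixed floor, whatever the measurement says.
    return max(min_iters, int(per_second * target_ms / 1000))


def loaded(clock, cpu_share):
    """Wrap `clock` so it reads like elapsed time when the benchmark
    only receives `cpu_share` of a core (0.5 = competing with one busy job)."""
    return lambda: clock() / cpu_share


if __name__ == "__main__":
    # CPU time: unaffected by other processes competing for the core.
    by_cpu = calibrate(1000)
    # Simulated elapsed time on a machine where we get half the CPU:
    # the same work appears to take twice as long, so the count halves.
    by_elapsed_busy = calibrate(1000, clock=loaded(time.process_time, 0.5))
    print("iterations for 1000 ms, CPU clock:          ", by_cpu)
    print("iterations for 1000 ms, elapsed at 50% load:", by_elapsed_busy)
```

Passing `time.perf_counter` as `clock` gives the elapsed-time behaviour on a real machine; the result then varies with whatever else is running during the probe.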