From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CBpWm0VJCOok for ; Tue, 20 Nov 2012 21:32:25 +0100 (CET) Received: from mail-ea0-f178.google.com (mail-ea0-f178.google.com [209.85.215.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 20 Nov 2012 21:32:25 +0100 (CET) Received: by mail-ea0-f178.google.com with SMTP id k11so1648451eaa.37 for ; Tue, 20 Nov 2012 12:32:25 -0800 (PST) Message-ID: <50ABE8D6.1010609@gmail.com> Date: Tue, 20 Nov 2012 21:32:22 +0100 From: Milan Broz MIME-Version: 1.0 References: <87r4no85e9.fsf@pip.fifthhorseman.net> In-Reply-To: <87r4no85e9.fsf@pip.fifthhorseman.net> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] cryptsetup --iter-time default should be configurable (and reported in --help) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Daniel Kahn Gillmor Cc: dm-crypt@saout.de On 11/20/2012 08:02 PM, Daniel Kahn Gillmor wrote: > I just noticed that the default for cryptsetup --iter-time isn't visible > in the output of cryptsetup --help. > > I went looking to change this, and saw that the default is neither > configurable nor easily extracted. > > The attached patch should make the default for this parameter > configurable (e.g. ./configure --with-luks1-iter-time=1000), as well as > reporting the compiled-in default in the output of --help. Hi, patch applied to git (just with small change s/msec/ms). But I hope distro maintainers will not decrease this default without reading section 5.9 in http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#5.9_Security_Aspects Thanks, Milan