1. 24 Sep, 2017 1 commit
  2. 22 Aug, 2017 1 commit
  3. 15 Aug, 2017 1 commit
  4. 12 Aug, 2017 2 commits
    • Milan Broz's avatar
    • Milan Broz's avatar
      Move PBKDF internal benchmark to one place. · 5fc79f56
      Milan Broz authored
      Also cache its value in active context, so we run benchmark
      only once.
      
      The patch also changes calculated value for LUKS1 key digest
      to 125 miliseconds (it means that for full 8 used slots
      the additional slow-down is circa 1 second).
      
      Note that there is no need to have too high iteration count
      for key digest; if it is too computationally expensive, attacker
      will better decrypt of one sector with candidate key anyway.
      (Check for a known signature.)
      
      The reason to have some delay for key digest check was
      to complicate brute-force search for volume key with LUKS header
      only (and if RNG used to generate volumekey was flawed
      allowing such a search i reasonable time).
      5fc79f56
  5. 10 Aug, 2017 1 commit
  6. 07 Aug, 2017 1 commit
  7. 06 Aug, 2017 2 commits
    • Milan Broz's avatar
      Add Argon2 benchmark code. · 8a859391
      Milan Broz authored
      Code based on patch by Ondrej Mosnacek
      
      The new benchmark works as follows:
      
      Phase 1:
      It searches for smallest parameters, such that the duration is 250 ms
      (this part is quite fast).
      Then it uses that data point to estimate the paramters that will have
      the desired duration (and fulfill the basic constraints).
      
      Phase 2:
      The candidate parameters are then measured and if their duration falls
      within +-5% of the target duration, they are accepted.
      Otherwise, new candidate parameters are estimated based on the last
      measurement and phase 2 is repeated.
      
      When measuring the duration for given parameters, the measurement
      is repeated 3 or 4 times and a minimum of the measured durations
      is used as the final duration (to reduce variance in measurements).
      A minimum is taken instead of mean, because the measurements definitely
      have a certain lower bound, but no upper bound (therefore mean value
      would tend to be higher than the value with highest probability density).
      The actual "most likely" duration is going to be somewhere just above
      the minimum measurable value, so minimum over the observations is
      a better estimate than mean.
      Signed-off-by: Milan Broz's avatarMilan Broz <gmazyland@gmail.com>
      8a859391
    • Milan Broz's avatar
      Change PBKDF interface API. · 0abf57be
      Milan Broz authored
      Prepare API for PBKDF that can set three costs
        - time (similar to iterations in PBKDF2)
        - memory (required memory for memory-hard function)
        - threads (required number of threads/CPUs).
      
      This patch also removes wrongly designed API call
      crypt_benchmark_kdf and replaces it with the new call
      crypt_benchmark_pbkdf.
      
      Two functions for PBKDF per context setting
      are introduced: crypt_set_pbkdf_type and crypt_get_pbkdf_type.
      
      The patch should be backward compatible when using
      crypt_set_iteration_time function (works only for PBKDF2).
      Signed-off-by: Milan Broz's avatarMilan Broz <gmazyland@gmail.com>
      0abf57be
  8. 26 Jul, 2017 1 commit
  9. 28 Jun, 2017 2 commits
  10. 27 Jun, 2017 1 commit
  11. 24 Jun, 2017 1 commit
  12. 23 Jun, 2017 1 commit
  13. 21 Jun, 2017 1 commit
  14. 26 Apr, 2017 1 commit
  15. 05 Apr, 2017 1 commit
  16. 12 Mar, 2017 2 commits
  17. 02 Mar, 2017 1 commit
    • Daniel Reichelt's avatar
      support PIM parameter for VeraCrypt compatible devices · 9a798a76
      Daniel Reichelt authored
      This patch adds the --veracrypt-pim=INT and --veracrypt-query-pim command-
      line parameters to support specification of or being queried for a custom
      Personal Iteration Multiplier respectively. This affects the number of
      iterations for key derivation from the entered password. The manpage is
      also updated accordingly.
      
      Fixes Issue #307.
      9a798a76
  18. 02 Nov, 2016 1 commit
  19. 18 May, 2016 1 commit
  20. 01 Jan, 2016 1 commit
  21. 22 Nov, 2015 1 commit
  22. 20 Nov, 2015 2 commits
  23. 29 Oct, 2015 1 commit
    • Milan Broz's avatar
      Fix PBKDF2 iteration benchmark for longer key sizes. · 4609fd87
      Milan Broz authored
      The previous PBKDF2 benchmark code did not take into account
      output key length.
      For SHA1 (with 160-bits output) and 256-bit keys (and longer)
      it means that the final value was higher than it should be.
      
      For other hash algorithms (like SHA256 or SHA512) it caused
      that iteration count was smaller (in comparison to SHA1) than
      expected for the requested time period.
      
      This patch fixes the code to use key size for the formatted device
      (or default LUKS key size if running in informational benchmark mode).
      
      Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
      (http://www.club.di.unimi.it/) for point this out.
      (Based on "What users should know about Full Disk Encryption
      based on LUKS" paper to be presented on CANS2015).
      4609fd87
  24. 08 Sep, 2015 1 commit
  25. 27 Aug, 2015 1 commit
  26. 26 Aug, 2015 3 commits
  27. 24 Feb, 2015 1 commit
  28. 20 Feb, 2015 2 commits
  29. 26 Jan, 2015 2 commits
  30. 23 Jun, 2014 1 commit
  31. 22 Jun, 2014 1 commit