Skip to content

Adjust luksFormat options to reduce time to open luks device on boot

clayton craft requested to merge feature/reduce-iter-time into master

As pointed out by @ollieparanoid in Matrix, creating the luks root device on a super fast modern PC results in a passphrase the requires many many hash iterations to verify and on the much slower target devices for pmos this results in a VERY long time on some devices to execute a luksOpen.

This PR introduces a new option to call cryptsetup with:

--iter-time 200 - Default in cryptsetup 1.7 is 2000ms. This results in a very large number of iterations on a modern desktop PC, and takes a long time for older devices to generate. The number of iterations are "not very security relevant" (FAQ section 3.4). This value could be lowered a bit further since they seem to recommend at least 10k iterations and this setting results in nearly 20k iterations on a Core i7 CPU.

Here's some datapoints using the new defaults this introduces on a Nokia N900. Previous open time with previous defaults (iter-time=2000ms & hash=sha256) was around 20-30 seconds.

/ # time cryptsetup luksOpen /dev/dm-1 root  
Enter passphrase for /dev/dm-1:              
real    0m 6.02s                             
user    0m 5.00s                             
sys     0m 0.07s                             
/ # cryptsetup luksDump /dev/dm-1            
LUKS header information for /dev/dm-1        

Version:        1                            
Cipher name:    aes                          
Cipher mode:    cbc-plain64                  
Hash spec:      sha1                         
Payload offset: 4096                         
MK bits:        256                          
MK digest:      4d d5 d8 49 e1 c7 b5 d5 39 7f bc 67 1b ab e0 5b c6 2a 09 83               
MK salt:        9c 16 c5 ab 55 82 50 d3 b9 ac 3e 38 ff e4 08 6c                           
                4a 38 20 cb 3e b7 9c 3d 0e 82 bc 55 13 b2 f5 91                           
MK iterations:  19475                        
UUID:           3b5c0365-46d0-4642-8748-62c3f1e7297b                                      

Key Slot 0: ENABLED                          
        Iterations:             155386       
        Salt:                   f6 ca 67 7e 66 8f d1 39 6a 2f 00 ce 4c e9 35 e5           
                                d6 a9 a8 76 b2 81 99 96 ef b1 55 91 24 53 4a e2           
        Key material offset:    8            
        AF stripes:             4000         
Key Slot 1: DISABLED                         
Key Slot 2: DISABLED                         
Key Slot 3: DISABLED                         
Key Slot 4: DISABLED                         
Key Slot 5: DISABLED                         
Key Slot 6: DISABLED                         
Key Slot 7: DISABLED                         
/ # cryptsetup benchmark                     
# Tests are approximate using memory only (no storage IO).                                
PBKDF2-sha1        26640 iterations per second for 256-bit key                            
PBKDF2-sha256      49423 iterations per second for 256-bit key                            
PBKDF2-sha512      11307 iterations per second for 256-bit key                            
PBKDF2-ripemd160   32443 iterations per second for 256-bit key                            
PBKDF2-whirlpool    7803 iterations per second for 256-bit key                            
Required kernel crypto interface not available.                                           
Ensure you have algif_skcipher kernel module loaded.

Merge request reports