Hi,

The --iter-time option currently defaults to 1000 (one second), and the manpage says that's "sufficient for good security". Are there any more detailed explanations, benchmarks, threat models or something?

I did an ad-hoc test with -i set to 1000, 2000, 3000, ..., 10000. After each luksFormat I checked the number of iterations with luksDump. Here are the results on my system:

109541, 220246, 330066, 435124, 550875, 657324, 770518, 869408, 992043, 1083320

So basically, it's a roughly linear relation between the -i value and number of iterations.

How can I find out or quantify or evaluate whether I should just use the default, or whether it's better to use maybe 3000? 4000? 10000?

Uwe.
-- 
Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
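An added example (not part of the original message) that works through the question with the figures quoted above: it fits the iterations-versus-`-i` relation and expresses each setting as equivalent extra bits of passphrase entropy over the default, since doubling the key-derivation iteration count doubles the cost of every passphrase guess. The function names, the 40-bit passphrase and the attacker rate are assumptions chosen for illustration.

```python
import math

# Figures quoted in the message: -i value in ms and the iteration
# count luksDump reported after each luksFormat.
ITER_TIME_MS = list(range(1000, 11000, 1000))
ITERATIONS = [109541, 220246, 330066, 435124, 550875,
              657324, 770518, 869408, 992043, 1083320]

def linear_fit(xs, ys):
    """Least-squares fit y = slope * x + intercept; returns (slope, intercept, r2)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx
    intercept = my - slope * mx
    ss_res = sum((y - (slope * x + intercept)) ** 2 for x, y in zip(xs, ys))
    ss_tot = sum((y - my) ** 2 for y in ys)
    return slope, intercept, 1 - ss_res / ss_tot

def extra_bits(iterations, baseline):
    """Work-factor gain over the baseline, as equivalent bits of passphrase entropy."""
    return math.log2(iterations / baseline)

def crack_time_years(entropy_bits, iterations, attacker_iter_per_s):
    """Expected time to search half of a 2**entropy_bits passphrase space."""
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / attacker_iter_per_s / (365.25 * 24 * 3600)

if __name__ == "__main__":
    slope, intercept, r2 = linear_fit(ITER_TIME_MS, ITERATIONS)
    print(f"fit: {slope:.1f} iterations per ms, R^2 = {r2:.5f}")
    # Assumed attacker: 1e9 iterations per second against a 40-bit passphrase.
    rate, entropy = 1e9, 40
    for ms, its in zip(ITER_TIME_MS, ITERATIONS):
        bits = extra_bits(its, ITERATIONS[0])
        years = crack_time_years(entropy, its, rate)
        print(f"-i {ms:>5}: {its:>8} iterations, +{bits:.2f} bits, {years:8.1f} years")
```

Going from the first to the last measured setting multiplies the per-guess cost by roughly ten, which is about 3.3 bits; adding one random character to the passphrase contributes more than that.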