On Sat, Nov 21, 2009 at 01:40:05PM +0100, Stefan Xenon wrote: > > Good idea, I like it. However use the same time as for the keyslots. > > There is really no reason to have one use less iterations than > > the other. > > > > The two iterations are linked security-wise, so treating them the same > > makes sense. > > > > Incidentially, it should only add the time once, there is only > > one Master Key. > > Sounds good for me as well. While I don't know the details I am > wondering if the result may be influenced by other processes executed at > the same time. This means, when heavy processes are running in the > background (e.g. compilation), the iteration calculation may become > slower and thus the amount of iterations smaller as it would be > normally. Please note that I don't know the implementation details but > just want to point out this theoretical problem. Sopuld not be an issue. If done right, this is CPU miliseconds, not elapsed miliseconds. An being off by 50% does not matter a lot in this application anyways. > Also the possibility to recalculate the iterations might be useful, > after an upgrade of the computer (but with remaining storage device). > Especially external hard drives might be in use for more years compared > to the CPU. That is done on reformat, which also is really the only simple way to change such a setting. On the other hand, the used values are already intended for "many years", so I think this is not a concern. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
