On Wed, Sep 20, 2017 at 00:40:22 CEST, Milan Broz wrote:
[...]
>
> This option can be quite dangerous but I agree that there is a use case
> for it.
>

I agree that while this option will allow some people to shoot
themselves in the foot (and hence is somewhat dangerous), it
does have its uses. Unfortunately, people can always sabotage
themselves when using crypto, so I think the additional risk is
small.

One thing to think about with the memory hard KDF for LUKS2
(I assume Argon2) is whether to give the user access to all
the relevant parameters. I think the same reasoning as to
PBKDF2 iterations applies, i.e. warn people to not do this
unless they know what they are doing, but if they want to do
it anyways, give them a clean way to do so to minimize
additional risks.

Regards,
Arno

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt