Hi Milan, Whonix (privacy distro) maintainer here. We are researching the best password advice to give to our users and while diceware is a great improvement over the status quo, the recommendation by cryptographers in light of quantum computing is to choose pass phrases with a length equivalent to 256 bits because Grovers will halve the bit length. This requires phrases to be 20 words long for 256 bits which is excessive IMO and the reason we are looking at key-stretching for shorter ones instead. * What is the time/sec margin added to a password with Argon2id's best parameters? * Have Argon's parameters been tweaked in the LUKS implementation, to account for the 2 public attacks? [0] * Are more cryptanalytic attacks expected against it in the future or is it extremely unlikely for progress against to be made? (For example modern hashes like BLAKE2 or block ciphers like AES are pretty robust with no notable attacks for some time) * Can you please give an example of cryptsetup re-encrypt command that upgrades an existing LUKS1 system to one that uses Argon with its max settings? CC/d our ML so users can benefit from your reply. [0] https://en.wikipedia.org/wiki/Argon2#Cryptanalysis _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
