Hi Andreas, there is a "work factor" (basically the old iteration count), a paralellization factor and a memory footprint. If you do not have the memory, you can probably forget opening the LUKS container. Speed down is intentionally exceptionally bad. The impact of the other factors is just linear, i.e. you may just have to wait a bit longer. I don't know whether you can open a LUKS container via cryptsetup at all if you do not have enough memory. It would probably have to start pageing and that alone would give you an extreme unlock time. Also, if the memory gets locked for the Argon2 calculation, it cannot be paged in the first place. My recommendation would be to use "--pbkdf-memory" and set a value that is supported on all your devices you want to use that LUKS container with. Regards, Arno On Fri, Jun 11, 2021 at 10:08:31 CEST, Andreas Heinlein wrote: > Hello, > > I have another question regarding the new LUKS2 header resp. the Argon2 > algorithm. > > I understand that Argon2 deliberately requires a large amount of memory, > and that this amount is dynamically calculated when creating the device. > > How does a removable device encrypted with LUKS behave in this case? If I > create the device on i.e. a Core i9 with 16 GiB RAM and then try to open > it on an Atom x5 with 1GiB, will this be possible at all? Yes, it would > be ultra-slow in any case even with LUKS1 header, because of the number of > iterations, but it would work. > > Thanks, > Andreas > _______________________________________________ > dm-crypt mailing list -- dm-crypt@xxxxxxxx > To unsubscribe send an email to dm-crypt-leave@xxxxxxxx -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
