On Sunday, May 27, 2018 2:33:33 PM CEST Theodore Y. Ts'o wrote: > On Sun, May 27, 2018 at 01:22:05PM +0200, Rafael J. Wysocki wrote: > > Again, the PBKDF2 user would be hibernation. It could either take a key from > > user space, which would require a key-generating user-space component to be > > present in the initramfs (I guess no issue for a regular distro, but I can > > imagine cases when it may be a difficulty), or take a passphrase from user > > space and generate a key by itself (that's what we would like to use PBKDF2 > > for). > > Right, but are you going to get the passphrase from user space? You > have to prompt from user space anyway, Right. > so running PBPDF2 from > userspace isn't that big of deal. Feel free to grab the > implementation from e2fsprogs; it's not hard. :-) So that's what we'll probably end up doing.