| Message ID | 1473352047-908-6-git-send-email-berrange@redhat.com |
|---|---|
| State | New |
| Headers | show |
On 09/08/2016 11:27 AM, Daniel P. Berrange wrote: > cryptsetup recently increased the default pbkdf2 time to 2 seconds > to partially mitigate improvements in hardware performance wrt > brute-forcing the pbkdf algorithm. This updates QEMU defaults to > match. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > crypto/block-luks.c | 2 +- > qapi/crypto.json | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > +++ b/qapi/crypto.json > @@ -187,7 +187,7 @@ > # Currently defaults to 'sha256' > # @iter-time: #optional number of milliseconds to spend in > # PBKDF passphrase processing. Currently defaults > -# to 1000. Since 2.8 > +# to 2000. Since 2.8 Possible merge conflicts if you address my comments in earlier patches, but those are trivial. Reviewed-by: Eric Blake <eblake@redhat.com>
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 7d5893a..c843983 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -921,7 +921,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { - luks_opts.iter_time = 1000; + luks_opts.iter_time = 2000; } if (!luks_opts.has_cipher_alg) { luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; diff --git a/qapi/crypto.json b/qapi/crypto.json index 1527f4b..e7a2ba2 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -187,7 +187,7 @@ # Currently defaults to 'sha256' # @iter-time: #optional number of milliseconds to spend in # PBKDF passphrase processing. Currently defaults -# to 1000. Since 2.8 +# to 2000. Since 2.8 # Since: 2.6 ## { 'struct': 'QCryptoBlockCreateOptionsLUKS',
cryptsetup recently increased the default pbkdf2 time to 2 seconds to partially mitigate improvements in hardware performance wrt brute-forcing the pbkdf algorithm. This updates QEMU defaults to match. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- crypto/block-luks.c | 2 +- qapi/crypto.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)