提交 2ab66cd5 编写于 作者: D Daniel P. Berrange

crypto: increase default pbkdf2 time for luks to 2 seconds

cryptsetup recently increased the default pbkdf2 time to 2 seconds
to partially mitigate improvements in hardware performance wrt
brute-forcing the pbkdf algorithm. This updates QEMU defaults to
match.
Reviewed-by: NEric Blake <eblake@redhat.com>
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 acd0dfd0
......@@ -921,7 +921,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
luks_opts.iter_time = 1000;
luks_opts.iter_time = 2000;
}
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
......
......@@ -187,7 +187,7 @@
# Currently defaults to 'sha256'
# @iter-time: #optional number of milliseconds to spend in
# PBKDF passphrase processing. Currently defaults
# to 1000. (since 2.8)
# to 2000. (since 2.8)
# Since: 2.6
##
{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册