mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: increase default pbkdf2 time for luks to 2 seconds

Browse Source 
cryptsetup recently increased the default pbkdf2 time to 2 seconds
to partially mitigate improvements in hardware performance wrt
brute-forcing the pbkdf algorithm. This updates QEMU defaults to
match.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2016-09-07 12:48:32 +01:00
parent acd0dfd0c2
commit 2ab66cd577
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/block-luks.c
View File

@ -921,7 +921,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) { if (!luks_opts.has_iter_time) {
luks_opts.iter_time = 1000; luks_opts.iter_time = 2000;
} }
if (!luks_opts.has_cipher_alg) { if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;

2
qapi/crypto.json
View File

@ -187,7 +187,7 @@
# Currently defaults to 'sha256' # Currently defaults to 'sha256'
# @iter-time: #optional number of milliseconds to spend in # @iter-time: #optional number of milliseconds to spend in
# PBKDF passphrase processing. Currently defaults # PBKDF passphrase processing. Currently defaults
# to 1000. (since 2.8) # to 2000. (since 2.8)
# Since: 2.6 # Since: 2.6
## ##
{ 'struct': 'QCryptoBlockCreateOptionsLUKS', { 'struct': 'QCryptoBlockCreateOptionsLUKS',