On Thu, 2019-03-14 at 12:36 +0000, Dimitri John Ledkov wrote: > Meaning that 1GB of RAM is required at luksOpen. This is a > significant > RAM increase compared to the previous defaults used in LUKS1. Well that's by design of Argon2, to make brute force hashing much harder for an attacker.
> For example many IoT and Pi devices have 1GB of ram in total, and > thus > would OOM kill when trying to luksOpen. IoT devices typicall give a sh** about security (at least commercial ones),... so why should the majority of users suffer greatly in their security just to fulfill the anyway questionable needs of a small minority? > Please consider reducing the default memory requirement of the > argon2i > in luks2 by default, or switching to pbkdf2 for LUKS2 as well. Or one could just disable the iterations altogether,... or switch do faster MD5, or replace AES by even faster Caesar cipher... If someone really thinks he needs the just "encrypted-label" attached to their thing but doesn't care about actual security, the defaults can always manually be lowered... but why should everyone suffer from this? Debian should not further weaken the sane (and actually quite conservative) defaults of upstream. There's apparently already the decision made (against the explicit recommendation from upstream) to overwrite the no-discard default. Let's please try to not create even yet another debacle like Debian- OpenSSL-RNG in dm-crypt/cryptsetup. Cheers, Chris.
