diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2016-09-07 12:48:32 +0100 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-09-19 16:30:45 +0100 |
commit | 2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c (patch) | |
tree | 83ba90f474b0dbb90706b0234b7ea442f1a46c0a /crypto/block-luks.c | |
parent | acd0dfd0c252a06ec6f2146fea01b66b7bc68cfc (diff) |
crypto: increase default pbkdf2 time for luks to 2 seconds
cryptsetup recently increased the default pbkdf2 time to 2 seconds
to partially mitigate improvements in hardware performance wrt
brute-forcing the pbkdf algorithm. This updates QEMU defaults to
match.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/block-luks.c')
-rw-r--r-- | crypto/block-luks.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 3ab3250e3d..a848232034 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -921,7 +921,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { - luks_opts.iter_time = 1000; + luks_opts.iter_time = 2000; } if (!luks_opts.has_cipher_alg) { luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; |