Open GoogleCodeExporter opened 9 years ago
The luksFormat runs benchmark internally (depends on speed, it can take >2
seconds), so you cannot never compare luksFormat with luksOpen.
Also some time is spent not only on slot iteration but also on MK fingerprint
iteration (it should be roughly 1/8 of slot iteration time but not less than
1000 iteration).
cryptsetup benchmark is just informative, the baseline is iterating password
"foo" with salt "bar" - which can differ from real using password. These are
also using in internal benchmark). You can probably use your own test using
crypt_benchmark_kdf() libcryptsetup API.
I will perhaps later write some better benchmarking example using libcryptsetup
to explain it better...
Original comment by gmazyl...@gmail.com
on 28 Nov 2013 at 12:42
Original comment by gmazyl...@gmail.com
on 28 Nov 2013 at 12:42
Yes, I thought that --iter-time is related more to luksOpen than to luksFormat.
It also makes sense, since you usually use luksOpen more often. Maybe it can be
mentioned in man.
Also I don't mind the discrepancy of 5 or 9 times between "cryptsetup
benchmark" and my measured times. As you said, maybe the two approaches measure
different things. In my script the password is "a", but is salted with
something more complex than just "bar" I guess. I just tried a password of 24
characters and the results are the same. Must be the salt then.
What is puzzling me is that two hashes (sha1, ripemd160) get almost the right
luksOpen time of 110s, but three other hashes (sha256, sha512, whirlpool) get
all of them just 61s. And it is pretty much constant. How come? Must be some
kind of miscalculation/typo in the benchmarking code you do during luksFormat
just in sha256, sha512 and whirlpool case?
Have you tried to run my script?
Original comment by J.Fi...@gmail.com
on 28 Nov 2013 at 4:09
Well, it is not miscalculation. The problem is that KDF benchmarking have
hardcoded too many attributes. It cannot work properly without adding some
other variables (final key size, different salt size etc).
(All this probably comes from the days when LUKS had only SHA1 and key size was
usually 256bits).
Anyway, time to rewrite it better (cryptsetup benchmark will be always just
some guess, but luksOpen times should be quite precise to -i parameter).
But this is more material for next version (1.7), so will postpone fix to next
minor release...
Thanks for report.
Original comment by gmazyl...@gmail.com
on 1 Dec 2013 at 4:56
Original issue reported on code.google.com by
J.Fi...@gmail.com
on 27 Nov 2013 at 10:54