[Feature Request] --iter-time

[git70]

Can you add to the "Create A New Volume" window the option to choose my own --iter-time? (instead of default 2000ms)

In special cases (requiring extremely high security), the user may accept a long container opening time.

PS: Are there other parameters in LUKS2 that can increase extreme security?

[mhogomchungu]

Done.

This is the only option for luks1 and luks2 has additional options that sets memory and number of threads. Documentation for all three options are:

       --iter-time, -i <number of milliseconds>
              The number of milliseconds to spend with PBKDF passphrase processing.  This option
              is only relevant for LUKS operations that set or change passphrases, such as luks‐
              Format or luksAddKey.  Specifying 0 as parameter selects the compiled-in default.

       --pbkdf-memory <number>
              Set  the  memory  cost for PBKDF (for Argon2i/id the number represents kilobytes).
              Note that it is maximal value, PBKDF benchmark or available  physical  memory  can
              decrease it.  This option is not available for PBKDF2.

       --pbkdf-parallel <number>
              Set  the  parallel  cost  for PBKDF (number of threads, up to 4).  Note that it is
              maximal value, it is decreased automatically if CPU online count is  lower.   This
              option is not available for PBKDF2.

I do not think these additional options are useful because they set maximum values and are useful to set upper limits and are useful for systems with limited resources.

[git70]

Thank you Francis! Will it be in official version 5.7.2 over the weekend?

[mhogomchungu]

Yes and you can use it now if you download the newer binary packages from here: https://download.opensuse.org/repositories/home:/obs_mhogomchungu/xUbuntu_20.04/amd64/