aboutsummaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorLeah Rowe <info@minifree.org>2016-09-01 10:09:50 +0100
committerLeah Rowe <info@minifree.org>2016-09-01 10:09:50 +0100
commit453ccd50e6a8985b28240e413da0bb077a53008c (patch)
treee83921265f1ad6fa09c2309403d089eaf7708b58 /docs
parente720da2bee585b8185666c033a5df44c5ae1e16f (diff)
downloadlibrebootfr-453ccd50e6a8985b28240e413da0bb077a53008c.tar.gz
librebootfr-453ccd50e6a8985b28240e413da0bb077a53008c.zip
docs/gnulinux/encrypted_parabola: add iteration time to cryptsetup command
Diffstat (limited to 'docs')
-rw-r--r--docs/gnulinux/encrypted_parabola.html7
1 files changed, 6 insertions, 1 deletions
diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index 24a9dac8..cb5f8f52 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -147,6 +147,11 @@
Note that the default iteration time is 2000ms (20 seconds) if not specified
in cryptsetup. You should set a lower time than this, otherwise there will be
an approximate 20 second delay when booting your system.
+ We recommend 500ms (5 seconds), and this is included in the prepared
+ cryptsetup command below.
+ Note that the iteration time is for security purposes (mitigates
+ brute force attacks), so anything lower than 5 seconds is probably
+ not ok.
</p>
<p>
I am using MBR partitioning, so I use cfdisk:<br/>
@@ -177,7 +182,7 @@
</p>
<p>
I am initializing LUKS with the following:<br/>
- # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b>
+ # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sda1</b>
Choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The
password length should be as long as you are able to handle without writing it down or storing it anywhere.
</p>