From 453ccd50e6a8985b28240e413da0bb077a53008c Mon Sep 17 00:00:00 2001
From: Leah Rowe <info@minifree.org>
Date: Thu, 1 Sep 2016 10:09:50 +0100
Subject: docs/gnulinux/encrypted_parabola: add iteration time to cryptsetup
 command

---
 docs/gnulinux/encrypted_parabola.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'docs')

diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html
index 24a9dac8..cb5f8f52 100644
--- a/docs/gnulinux/encrypted_parabola.html
+++ b/docs/gnulinux/encrypted_parabola.html
@@ -147,6 +147,11 @@
                 Note that the default iteration time is 2000ms (20 seconds) if not specified
                 in cryptsetup. You should set a lower time than this, otherwise there will be
                 an approximate 20 second delay when booting your system.
+                We recommend 500ms (5 seconds), and this is included in the prepared
+                cryptsetup command below.
+                Note that the iteration time is for security purposes (mitigates
+                brute force attacks), so anything lower than 5 seconds is probably
+                not ok.
             </p>
 			<p>
 				I am using MBR partitioning, so I use cfdisk:<br/>
@@ -177,7 +182,7 @@
 			</p>
 			<p>
 				I am initializing LUKS with the following:<br/>
-				# <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b>
+				# <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sda1</b>
 				Choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The
 				password length should be as long as you are able to handle without writing it down or storing it anywhere.
 			</p>
-- 
cgit v1.2.3-70-g09d2