libreboot

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README

commit 453ccd50e6a8985b28240e413da0bb077a53008c
parent e720da2bee585b8185666c033a5df44c5ae1e16f
Author: Leah Rowe <info@minifree.org>
Date:   Thu,  1 Sep 2016 10:09:50 +0100

docs/gnulinux/encrypted_parabola: add iteration time to cryptsetup command

Diffstat:
docs/gnulinux/encrypted_parabola.html | 7++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html @@ -147,6 +147,11 @@ Note that the default iteration time is 2000ms (20 seconds) if not specified in cryptsetup. You should set a lower time than this, otherwise there will be an approximate 20 second delay when booting your system. + We recommend 500ms (5 seconds), and this is included in the prepared + cryptsetup command below. + Note that the iteration time is for security purposes (mitigates + brute force attacks), so anything lower than 5 seconds is probably + not ok. </p> <p> I am using MBR partitioning, so I use cfdisk:<br/> @@ -177,7 +182,7 @@ </p> <p> I am initializing LUKS with the following:<br/> - # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b> + # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sda1</b> Choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password length should be as long as you are able to handle without writing it down or storing it anywhere. </p>