Can I specify PBKDF2 rounds to use with LUKS/dm-crypt?

I have encrypted my root partition with dm-crypt/LUKS/cryptsetup on Ubuntu 12.04.

Since it uses PBKDF2:

  1. Is it possible, during creation of the encrypted disk, to specify a custom amount of PBKDF2 iterations for key derivation?
  2. Is it possible, after the encrypted disk has already been created, to modify the amount of PBKDF2 iterations for key derivation?

I'd like to make it a little harder to brute-force :)


Is it possible, during creation of the encrypted disk, to specify a custom amount of PBKDF2 iterations for key derivation?

Yes. From the cryptsetup manual:

--iter-time, -i
    The number of milliseconds to spend with
    PBKDF2 password processing. This option
    is only relevant to the LUKS operations
    as luksFormat or luksAddKey. 

Specifying the -i / --iter-time allows you to choose a desired unlock time in milliseconds. It will then benchmark the iteration count to achieve a certain execution time on your exact system.

Is it possible, after the encrypted disk has already been created, to modify the amount of PBKDF2 iterations for key derivation?

LUKS1 Answer: Yes, though it's a bit of a pain. Versions of cryptsetup 1.5.0 and later come with the cryptsetup-reencrypt tool for offline re-encryption, which allows you to change the settings. From what I've read, it does a full re-encryption of the whole disk, which will take a long time. Technically it should only need to re-encrypt a new volume header, but there are security reasons for re-encrypting everything.

Update / 2021 News for LUKS2: There's now a safe, built-in cryptsetup reencrypt command which does a checksummed, resumable re-encryption which is safe against power loss. All LUKS2 disks should use the new tool since it is much safer than the old external (cryptsetup-reencrypt) tool. Check the cryptsetup man page for the new command's usage.