Can I specify PBKDF2 rounds to use with LUKS/dm-crypt?
I have encrypted my root partition with dm-crypt/LUKS/cryptsetup on Ubuntu 12.04.
Since it uses PBKDF2:
- Is it possible, during creation of the encrypted disk, to specify a custom amount of PBKDF2 iterations for key derivation?
- Is it possible, after the encrypted disk has already been created, to modify the amount of PBKDF2 iterations for key derivation?
I'd like to make it a little harder to brute-force :)
Is it possible, during creation of the encrypted disk, to specify a custom amount of PBKDF2 iterations for key derivation?
Yes. From the cryptsetup manual:
--iter-time, -i
The number of milliseconds to spend with
PBKDF2 password processing. This option
is only relevant to the LUKS operations
as luksFormat or luksAddKey.
Specifying the -i / --iter-time allows you to choose a desired unlock time in milliseconds. It will then benchmark the iteration count to achieve a certain execution time on your exact system.
Is it possible, after the encrypted disk has already been created, to modify the amount of PBKDF2 iterations for key derivation?
LUKS1 Answer: Yes, though it's a bit of a pain. Versions of cryptsetup 1.5.0 and later come with the cryptsetup-reencrypt tool for offline re-encryption, which allows you to change the settings. From what I've read, it does a full re-encryption of the whole disk, which will take a long time. Technically it should only need to re-encrypt a new volume header, but there are security reasons for re-encrypting everything.
Update / 2021 News for LUKS2: There's now a safe, built-in cryptsetup reencrypt command which does a checksummed, resumable re-encryption which is safe against power loss. All LUKS2 disks should use the new tool since it is much safer than the old external (cryptsetup-reencrypt) tool. Check the cryptsetup man page for the new command's usage.