aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2016-09-07 12:48:32 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-09-19 16:30:45 +0100
commit2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c (patch)
tree83ba90f474b0dbb90706b0234b7ea442f1a46c0a /crypto
parentacd0dfd0c252a06ec6f2146fea01b66b7bc68cfc (diff)
downloadqemu-2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c.zip
qemu-2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c.tar.gz
qemu-2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c.tar.bz2
crypto: increase default pbkdf2 time for luks to 2 seconds
cryptsetup recently increased the default pbkdf2 time to 2 seconds to partially mitigate improvements in hardware performance wrt brute-forcing the pbkdf algorithm. This updates QEMU defaults to match. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/block-luks.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 3ab3250..a848232 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -921,7 +921,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
- luks_opts.iter_time = 1000;
+ luks_opts.iter_time = 2000;
}
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;