You are not logged in.
i use aes-xts-plain64, the thing that confusing me is the PBKDF2 iterations , is the lless is the better ? or more is better ?
here is the benchmarks :
PBKDF2-sha256 6345391 iterations per second for 256-bit key
PBKDF2-sha512 2182260 iterations per second for 256-bit key
PBKDF2-sha256 3125412 iterations per second for 512-bit key
PBKDF2-sha512 2137769 iterations per second for 512-bit key
another thins is my TPM capabilities here is the luksDump :
0: systemd-tpm2
tpm2-hash-pcrs: 7
tpm2-pcr-bank: sha256
tpm2-pubkey:
(null)
tpm2-pubkey-pcrs:
tpm2-primary-alg: ecc
tpm2-pcrlock: false
tpm2-salt: false
tpm2-srk: true
tpm2-pcrlock-nv: false
Keyslot: 1
Digests:
0: pbkdf2
Hash: sha512
Iterations: 273066
so is it bad configuration to use sha512 and key size 512 ?
Offline
i use aes-xts-plain64, the thing that confusing me is the PBKDF2 iterations , is the lless is the better ? or more is better ?
"better" depends on: security or performance - which are you interested in ?
Offline