cryptsetup benchmark , deciding wich hash to use PBKDF2

user7z · 2024-07-12 11:43:03

i use aes-xts-plain64, the thing that confusing me is the PBKDF2 iterations , is the lless is the better ? or more is better ?
here is the benchmarks :

PBKDF2-sha256    6345391 iterations per second for 256-bit key
PBKDF2-sha512    2182260 iterations per second for 256-bit key
PBKDF2-sha256    3125412 iterations per second for 512-bit key
PBKDF2-sha512    2137769 iterations per second for 512-bit key

another thins is my TPM capabilities here is the luksDump :

 
0: systemd-tpm2
        tpm2-hash-pcrs:   7
        tpm2-pcr-bank:    sha256
        tpm2-pubkey:
                    (null)
        tpm2-pubkey-pcrs: 
        tpm2-primary-alg: ecc
        tpm2-pcrlock:     false
        tpm2-salt:        false
        tpm2-srk:         true
        tpm2-pcrlock-nv:  false
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha512
        Iterations: 273066

so is it bad configuration to use sha512 and key size 512 ?

ua4000 · 2024-07-21 12:31:10

user7z wrote:

i use aes-xts-plain64, the thing that confusing me is the PBKDF2 iterations , is the lless is the better ? or more is better ?

"better" depends on: security or performance - which are you interested in ?

Arch Linux

#1 2024-07-12 11:43:03

cryptsetup benchmark , deciding wich hash to use PBKDF2

#2 2024-07-21 12:31:10

Re: cryptsetup benchmark , deciding wich hash to use PBKDF2

Board footer