[Whonix-devel] Argon2id security margin estimate and LUKS2 usage

[procmem]

Hi Milan, Whonix (privacy distro) maintainer here. We are researching
the best password advice to give to our users and while diceware is a
great improvement over the status quo, the recommendation by
cryptographers in light of quantum computing is to choose pass phrases
with a length equivalent to 256 bits because Grovers will halve the bit
length. This requires phrases to be 20 words long for 256 bits which is
excessive IMO and the reason we are looking at key-stretching for
shorter ones instead.

* What is the time/sec margin added to a password with Argon2id's best
parameters?

* Have Argon's parameters been tweaked in the LUKS implementation, to
account for the 2 public attacks? [0]

* Are more cryptanalytic attacks expected against it in the future or is
it extremely unlikely for progress against to be made? (For example
modern hashes like BLAKE2 or block ciphers like AES are pretty robust
with no notable attacks for some time)

* Can you please give an example of cryptsetup re-encrypt command that
upgrades an existing LUKS1 system to one that uses Argon with its max
settings?


CC/d our ML so users can benefit from your reply.


[0] https://en.wikipedia.org/wiki/Argon2#Cryptanalysis