[Whonix-devel] cryptsetup: argon2id as default PBKDF setting for new installs - Buster+

procmem procmem at riseup.net
Sun Sep 16 00:08:00 CEST 2018

Package: cryptsetup
Version: 2:2.0.4-2
Severity: important

Dear Maintainer,

As part of my work on a downstream privacy distro I asked the cryptsetup
team on how to transition current LUKS1 systems to use the improved
argon2id algo for the PBKDF implementation when using LUKS2.

While quantum computing does not have any advantage in speeding up
bruteforcing of PBKDF hashes they have a direct impact on passphrase
length. Using a 20 word diceware passphrase will be needed for
post-quantum passphase entropy of 256 bits. This is excessive and very
difficult for most users to manage hence the importance of PBKDF for

The current sha256 PBKDF used in LUKS1 is trivial to parallelize by
adversaries who have large GPU computational power, making it  a useless
countermeasure and leading users to rely on passphrase lenth for only


It would be great if all newly installed systems running Buster and
beyond used LUKS2 and argon2id out of the box instead of having users
optionally opt for a safer configuration.

The recommended config paramters by Milan Broz:

  # cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id
--pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4

Original full reply:
[0] https://www.saout.de/pipermail/dm-crypt/2018-September/005968.html


More information about the Whonix-devel mailing list