Comments (3)
josephlr
commented on May 4, 2024
1
The main way hashing hardness is configured is though the --time=TIME flag to fscrypt setup. So running:
sudo fscrypt setup --time=500ms
creates hashing parameters in /etc/fscrypt.conf which will take approximately half a second to hash a password. This is in the help text and flag usage. These parameters can also be manually adjusted by editing /etc/fscrypt.conf by hand.
It is important to note that editing this config file (either manually or though fscrypt setup) only changes the hashing costs for new passphrase-based protectors (so old ones are not broken when everything changes).
I think all the functionality is there that you would need (let me know if that's not true). I'm going to turn this issue into a bug to update the documentation to make it clearer how passphrase hashing hardness works.
from fscrypt.
josephlr
commented on May 4, 2024
This documentation will probably be incorporated as part of the manpages for #10. Either under the fscrypt entry or the fscrypt-setup entry.
from fscrypt.
ebiggers
commented on May 4, 2024
This does have a mention in the README now, in the "Configuration file" section. It's a bit brief, but no one else has asked about this, so I don't think we should keep this issue open separately from the one for the man page (#10).
from fscrypt.
Related Issues (20)
- "fscrypt metadata add-protector-to-policy" doesn't work in key files HOT 1
- Poor scriptability due to --name not being easily checkable HOT 2
- failureExitCode should return higher number than 1 if user tries to lock an already locked file
- Deleting files from folder encrypted with fscrypt HOT 4
- Partial Decrypt HOT 3
- fscrypt tests fail on non x86_64 arches (aarch64, ppc64le, s390x) HOT 7
- How to resolve "Some processes can't access unlocked encrypted files"? HOT 2
- Should we make the fscrypt metadata harder to delete? HOT 2
- multiple login nodes (multiple lustre client), how should I correctly apply the fscrypt tool to encrypt files under shared storage? HOT 1
- Unlocking of encrypted directory inside of disk partition image does not work while fscrypt confirms "ready for use" HOT 4
- Generate `fscrypt.conf` with Adiantum as the encryption mode HOT 2
- How to unlock encrypted regular files located in an unencrypted directory? HOT 8
- Obscure error message due to process address space limit HOT 5
- A question: how does diectory know what policy protects it? HOT 12
- Is it good Idea to copy and reuse policy on other device? Is it good idea to copy and reuse a protector? HOT 2
- fscrypt on CephFS does not recognize locked directories upon remount HOT 7
- fscrypt on CephFS: no buffer space available HOT 1
- Can't lock folders encrypted with fscrypt HOT 8
- Inability to change fscrypt's default directory HOT 1
- pam_fscrypt probably locks too much memory HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fscrypt.