Comments (3)
The main way hashing hardness is configured is though the --time=TIME
flag to fscrypt setup
. So running:
sudo fscrypt setup --time=500ms
creates hashing parameters in /etc/fscrypt.conf
which will take approximately half a second to hash a password. This is in the help text and flag usage. These parameters can also be manually adjusted by editing /etc/fscrypt.conf
by hand.
It is important to note that editing this config file (either manually or though fscrypt setup
) only changes the hashing costs for new passphrase-based protectors (so old ones are not broken when everything changes).
I think all the functionality is there that you would need (let me know if that's not true). I'm going to turn this issue into a bug to update the documentation to make it clearer how passphrase hashing hardness works.
from fscrypt.
This documentation will probably be incorporated as part of the manpages for #10. Either under the fscrypt
entry or the fscrypt-setup
entry.
from fscrypt.
This does have a mention in the README now, in the "Configuration file" section. It's a bit brief, but no one else has asked about this, so I don't think we should keep this issue open separately from the one for the man page (#10).
from fscrypt.
Related Issues (20)
- "fscrypt metadata add-protector-to-policy" doesn't work in key files HOT 1
- Poor scriptability due to --name not being easily checkable HOT 2
- failureExitCode should return higher number than 1 if user tries to lock an already locked file
- Deleting files from folder encrypted with fscrypt HOT 4
- Partial Decrypt HOT 3
- fscrypt tests fail on non x86_64 arches (aarch64, ppc64le, s390x) HOT 7
- How to resolve "Some processes can't access unlocked encrypted files"? HOT 2
- Should we make the fscrypt metadata harder to delete? HOT 2
- multiple login nodes (multiple lustre client), how should I correctly apply the fscrypt tool to encrypt files under shared storage? HOT 1
- Unlocking of encrypted directory inside of disk partition image does not work while fscrypt confirms "ready for use" HOT 4
- Generate `fscrypt.conf` with Adiantum as the encryption mode HOT 2
- How to unlock encrypted regular files located in an unencrypted directory? HOT 8
- Obscure error message due to process address space limit HOT 5
- A question: how does diectory know what policy protects it? HOT 12
- Is it good Idea to copy and reuse policy on other device? Is it good idea to copy and reuse a protector? HOT 2
- fscrypt on CephFS does not recognize locked directories upon remount HOT 7
- fscrypt on CephFS: no buffer space available HOT 1
- Can't lock folders encrypted with fscrypt HOT 8
- Inability to change fscrypt's default directory HOT 1
- pam_fscrypt probably locks too much memory HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fscrypt.