Increased scrypt hardness to (N=1048576, r=4, p=8) to make it harder to crack the key while allowing cryfs to take advantage of multicore machines.

This commit is contained in:
Sebastian Messmer 2018-05-19 14:33:28 -07:00
parent 9c98c5d788
commit eb8682887f
2 changed files with 2 additions and 1 deletions
ChangeLog.txt
src/cpp-utils/crypto/kdf

@ -10,6 +10,7 @@ New Features & Improvements:
* CryFS tells the operating system to not swap the encryption key to the disk (note: this is best-effort and cannot be guaranteed. Hibernation, for example, will still write the encryption key to the disk) * CryFS tells the operating system to not swap the encryption key to the disk (note: this is best-effort and cannot be guaranteed. Hibernation, for example, will still write the encryption key to the disk)
* New block size options: 4KB and 16KB * New block size options: 4KB and 16KB
* New default block size: 16KB * New default block size: 16KB
* Increased scrypt hardness to (N=1048576, r=4, p=8) to make it harder to crack the key while allowing cryfs to take advantage of multicore machines.
Fixed bugs: Fixed bugs:
* `du` shows correct file system size on Mac OS X. * `du` shows correct file system size on Mac OS X.

@ -22,7 +22,7 @@ namespace cpputils {
class SCrypt final : public PasswordBasedKDF { class SCrypt final : public PasswordBasedKDF {
public: public:
static constexpr SCryptSettings ParanoidSettings = SCryptSettings {32, 1048576, 8, 16}; static constexpr SCryptSettings ParanoidSettings = SCryptSettings {32, 1048576, 8, 16};
static constexpr SCryptSettings DefaultSettings = SCryptSettings {32, 1048576, 4, 4}; static constexpr SCryptSettings DefaultSettings = SCryptSettings {32, 1048576, 4, 8};
static constexpr SCryptSettings TestSettings = SCryptSettings {32, 1024, 1, 1}; static constexpr SCryptSettings TestSettings = SCryptSettings {32, 1024, 1, 1};
static unique_ref<SCrypt> forNewKey(const SCryptSettings &settings); static unique_ref<SCrypt> forNewKey(const SCryptSettings &settings);