http://bugzilla.opensuse.org/show_bug.cgi?id=1184069 http://bugzilla.opensuse.org/show_bug.cgi?id=1184069#c14 --- Comment #14 from Klaus Mueller <andihartmann@freenet.de> --- (In reply to Andreas Stieger from comment #12)
It is true that the key strengthening function is tuned to take about 1000ms for a single run to generate the key from the passphrase. The underlying problem is that the single-threaded performance for this operation has diverged so much from the running system to grub, so that strengthening parameters picked will make it run slower in grub.
This means: grub should urgently implement multi threaded operations to cope with the system capabilities. It's usual since years to parallelize work.
You can use different parameters, it is not fundamentally less secure.
The high number of iterations compensates for the poor entropy of probably most passphrases / passwords in the wild. That's how I understood it so far. Therefore it would be fatal to reduce the number of iterations to derive the key. If you have a big enough key initially derived from /dev/(u)random, it's surly possible to massively reduce the amount of iterations without reducing security at all most probably. Unfortunately, my passphrases don't reach this high entropy. -- You are receiving this mail because: You are on the CC list for the bug.