int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {
+ /* With CRYPT_PBKDF_NO_BENCHMARK flag set .time_ms member is ignored
+ * while .iterations must be set at least to recommended minimum value. */
+
static const struct crypt_pbkdf_type minimal_pbkdf = {
.hash = "sha512",
.type = CRYPT_KDF_PBKDF2,
- .iterations = 1,
- .time_ms = 1,
+ .iterations = 1000, /* recommended minimum count for pbkdf2
+ * according to NIST SP 800-132, ch. 5.2 */
+ .flags = CRYPT_PBKDF_NO_BENCHMARK
};
int r;