Just tested it in a container. The original screenshot is wrong:
Just tested it in a container. The original screenshot is wrong:
Sadly in countries without a pirate party, like Denmark, you can’t (as far as I know) vote for the EP pirate party.
Same thing here :)
Well, it’s about SUSE not OpenSUSE.
The article is almost 70 days old, and Clemens Fruhwirth, one of the creators of LUKS, has responded:
A random keyboard typable character gives you around 6 bits of entropy. 20 of those give you 120 bits of entropy. Even without a KDF, brute-forcing this key space is infeasible with today’s hardware. Even with PBKDF2, a 13-character password should be enough to keep your data secure for your lifetime.[1]
It is much more likely that there was some security failure in the linked case other than PBKDF2. That said, I support the upgrade to Argon2.
[1] In my thesis on LUKS, Chapter 5.3 Passwords from entropy weak sources anticipates the creation of specialized hardware for breaking PBKDF2. The “13 characters should be enough” advice is found on Page 86, Table 5.4, top left cell. It gives a 78-bit recommendation (=13 characters) in the worst-case scenario, which is Moore’s law continues to double the attacker speed every 2 years.
It doesn’t seem like it’s such a big deal.
I think this is the more probable version of events.