manual updates for argon2

This commit is contained in:
Jaromil 2022-02-20 21:56:33 +01:00
parent 5c932b00fd
commit bcc6f03174


@ -39,19 +39,17 @@ with random data, decreasing the tomb's security.
.B .B
.IP "forge" .IP "forge"
Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to protect
protect its usage using symmetric encryption. This operation uses its usage using symmetric encryption. This operation uses random data from a
random data from a non-blocking source (/dev/urandom) and it may take non-blocking source (/dev/urandom) and it may take long only in some cases; to
long only in some cases; to switch using a blocking source the switch using a blocking source the \fI--use-random\fR flag can be used. The
\fI--use-random\fR flag can be used. The \fI-g\fR option switches on \fI-g\fR option switches on the use of a GPG key instead of a password
the use of a GPG key instead of a password (asymmetric encryption), (asymmetric encryption), then the \fI-r\fR option indicates the recipient key;
then the \fI-r\fR option indicates the recipient key; more recipient more recipient GPG ids can be indicated (comma separated). The default cipher
GPG ids can be indicated (comma separated). The default cipher to to protect the key is AES256, a custom one can be specified using the \fI-o\fR
protect the key is AES256, a custom one can be specified using the option, for a list of supported ciphers use \fI-v\fR. For additional protection
\fI-o\fR option, for a list of supported ciphers use \fI-v\fR. For against dictionary attacks on keys, the \fI--kdf\fR option can be used when
additional protection against dictionary attacks on keys, the forging a key, making sure that the binaries in \fIextras/kdf\fR were compiled
\fI--kdf\fR option can be used when forging a key, making sure that
the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled
and installed on the system. and installed on the system.
.B .B
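Review bot: the reworded forge paragraph loses the only place that named which binary the \fIextras/kdf\fR requirement refers to (\fItomb-kdb-pbkdf2\fR), and it still presents that requirement as if it applied to every use of \fI--kdf\fR, although the \fI--kdftype\fR text added in this same commit says argon2 needs the distro-packaged \fIargon2\fR binary instead. A reader choosing a KDF cannot tell from this paragraph which prerequisite applies. Suggest keeping the binary name and pointing at the selector, e.g. "the \fI--kdf\fR option can be used when forging a key (see \fI--kdftype\fR to choose the algorithm); for pbkdf2 make sure the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled and installed." The rest of the hunk is a pure re-wrap with no wording change, which makes the one substantive edit easy to miss in review; consider keeping reflows in a separate commit.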
@ -269,11 +267,22 @@ can be one or more GPG key ID, comma separated. All GPG keys must be
trusted keys in GPG. trusted keys in GPG.
.B .B
.IP "--kdf \fI<itertime>\fR" .IP "--kdf \fI<itertime>\fR"
Activate the KDF feature against dictionary attacks when creating a Activate the KDF feature against dictionary attacks when creating a key: forces
key: forces a delay of \fI<itertime>\fR times every time this key is a delay of \fI<itertime>\fR times every time this key is used. The actual time
used. The actual time to wait depends on the CPU speed of the to wait depends on the CPU speed (default) or the RAM size (argon2) of the
computer where the key is used. Using 5 or 10 is a sane amount for computer where the key is used. Using 5 or 10 is a sane amount for modern
modern computers, the value is multiplied by 1 million. computers, the value is multiplied by 1 million.
.B
.IP "--kdftype \fIargon2 | pbkdf2\fR"
Adopt the \fIargon2\fR algorithm for KDF, stressing the RAM capacity rather
than the CPU speed of the computer decrypting the tomb. Requires the
\fIargon2\fR binary by P-H-C to be installed, as packaged by most distros.
Default is \fIpbkdf2\fR.
.B
.IP "--kdfmem \fI<memory>\fR"
In case of \fIargon2\fR KDF algorithm, this value specifies the size of RAM
used: it consists of a number which is the elevated power of two in bytes.
Default is 18 which is 262 MiB (2^18 bytes).
.B .B
.IP "--sudo \fI<executable>\fR" .IP "--sudo \fI<executable>\fR"
Select a different tool than sudo for privilege escalation. Select a different tool than sudo for privilege escalation.
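Review bot: the \fI--kdfmem\fR description is internally inconsistent: "2^18 bytes" is 256 KiB, not 262 MiB. The argon2 command-line tool's memory parameter (-m) takes an exponent N and uses 2^N KiB, so a default of 18 means 2^18 KiB = 262144 KiB = 256 MiB; suggest "a number N such that 2^N KiB of RAM are used. Default is 18, i.e. 2^18 KiB (256 MiB)." in place of "the elevated power of two in bytes". Second, the new \fI--kdf\fR wording "depends on the CPU speed (default) or the RAM size (argon2)" conflates the two argon2 parameters: \fI<itertime>\fR is the time (iteration) cost and memory is set separately by \fI--kdfmem\fR, so with argon2 the delay depends on both; suggest stating that \fI<itertime>\fR sets the time cost for either algorithm and that argon2 additionally takes \fI--kdfmem\fR. Related, does "the value is multiplied by 1 million" still hold when \fI--kdftype argon2\fR is selected, where the time cost is a small iteration count rather than a pbkdf2 iteration count? If it does not, the paragraph should say which algorithm the multiplier applies to. Minor: "P-H-C" is usually written PHC (Password Hashing Competition).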