I'm somewhat paranoid, but I have a suggestion: include Argon2 iterations as an option for encrypting/decrypting folders.
The Argon2 0~20160821-1+b1 (latest) command line shows:
    $ argon2
    Usage:  argon2 [-h] salt [-i|-d|-id] [-t iterations] [-m memory] [-p parallelism] [-l hash length] [-e|-r]
            Password is read from stdin
    Parameters:
            salt    The salt to use, at least 8 characters
            -i      Use Argon2i (this is the default)
            -d      Use Argon2d instead of Argon2i
            -id     Use Argon2id instead of Argon2i
            -t N    Sets the number of iterations to N (default = 3)
            -m N    Sets the memory usage of 2^N KiB (default 12)
            -p N    Sets parallelism to N threads (default 1)
            -l N    Sets hash output length to N bytes (default 32)
            -e      Output only encoded hash
            -r      Output only the raw bytes of the hash
            -h      Print argon2 usage
I have been using KeePass 2.36 for storing and backing up my passwords and keyfiles (I don't like it, but I use it for Argon2). It includes the Argon2 algorithm, but I can't extract anything from its keyring files on the command line because it is a GUI-only app (there is kpcli, but it is incompatible with its keyring files). It's simple to compute an approximate time by multiplying X iterations by a number to get a desired time to open such a file using X threads.
I think this feature in fscrypt could be very useful, even more so with an interactive CPU time test option.
The main way hashing hardness is configured is through the --time=TIME flag to fscrypt setup. So running:
    sudo fscrypt setup --time=500ms
creates hashing parameters in /etc/fscrypt.conf which will take approximately half a second to hash a password. This is in the help text and flag usage. These parameters can also be manually adjusted by editing /etc/fscrypt.conf by hand.
It is important to note that editing this config file (either manually or through fscrypt setup) only changes the hashing costs for new passphrase-based protectors (so old ones are not broken when everything changes).
I think all the functionality is there that you would need (let me know if that's not true). I'm going to turn this issue into a bug to update the documentation to make it clearer how passphrase hashing hardness works.
This does have a mention in the README now, in the "Configuration file" section. It's a bit brief, but no one else has asked about this, so I don't think we should keep this issue open separately from the one for the man page (#10).
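An added example (not part of the thread and not fscrypt's own code): a sketch of the time-based calibration discussed above, which searches for the Argon2 iteration count whose measured run time reaches a target, driving the `argon2` CLI with the flags from the usage text in the issue. The function names and the salt, passphrase, memory and thread values are assumptions chosen for illustration.

```python
import subprocess
import time


def time_argon2_cli(t_cost, mem_log2=16, threads=4,
                    salt="constructedsalt",
                    password=b"constructed passphrase\n"):
    """Seconds taken by one run of the argon2 CLI at the given iteration count.

    Flags follow the usage text quoted in the issue: -m is log2 of KiB,
    the password is read from stdin, -r prints only the raw hash.
    Salt and passphrase are constructed sample values.
    """
    cmd = ["argon2", salt, "-id", "-t", str(t_cost),
           "-m", str(mem_log2), "-p", str(threads), "-r"]
    start = time.perf_counter()
    subprocess.run(cmd, input=password, stdout=subprocess.DEVNULL, check=True)
    return time.perf_counter() - start


def calibrate_iterations(target_s, measure, max_t=1 << 20):
    """Return the smallest iteration count whose measured time reaches target_s.

    `measure(t)` returns the seconds one hash takes with t iterations.
    Memory and parallelism stay fixed, so cost grows roughly linearly in t:
    double t until the target is reached, then bisect the last interval.
    """
    lo, hi = 0, 1                      # lo is known (or assumed) to be too fast
    while measure(hi) < target_s:
        if hi >= max_t:
            raise ValueError("target time not reachable within max_t iterations")
        lo, hi = hi, hi * 2
    while hi - lo > 1:                 # invariant: lo too fast, hi slow enough
        mid = (lo + hi) // 2
        if measure(mid) < target_s:
            lo = mid
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    # Requires the argon2 command-line tool on PATH.
    t = calibrate_iterations(0.5, time_argon2_cli)
    print(f"about 500 ms on this machine needs -t {t} (with -m 16 -p 4)")
```

Timings on a real machine are noisy, so the result is approximate and only meaningful for the machine and the memory and thread settings it was measured with.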