|
@@ -18,7 +18,7 @@ You can play around with the iteration count.
|
|
A higher iteration is more secure but will take GRUB a **very** long time to decrypt.
|
|
A higher iteration is more secure but will take GRUB a **very** long time to decrypt.
|
|
The [debian encrypted boot guide](https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html) recommends a count of 500,000 which will still take GRUB a very long time (around 25 seconds) but is faster than the default 1000,000.
|
|
The [debian encrypted boot guide](https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html) recommends a count of 500,000 which will still take GRUB a very long time (around 25 seconds) but is faster than the default 1000,000.
|
|
Use whatever count makes you feel comfortable.
|
|
Use whatever count makes you feel comfortable.
|
|
-I'll use and arbitrarily low count.
|
|
|
|
|
|
+I'll use an arbitrarily low count.
|
|
You'll also want to use a different password than you intend to use for your root partition.
|
|
You'll also want to use a different password than you intend to use for your root partition.
|
|
We don't want someone to be able to get our root key by brute-forcing our less secure boot key.
|
|
We don't want someone to be able to get our root key by brute-forcing our less secure boot key.
|
|
|
|
|