Since Debian 13 (Trixie), when using the default FDE, which uses GRUB to decrypt the LUKS partition, I have a single attempt.

When the password is mistyped there is a long pause (over 10 seconds) and then the error appears.

I already tried increasing the max tries, which seems to be set to 1 when a keyfile is used.

Will update for more info.

  • Derpgon@programming.dev
    10 months ago

    Is it? I always thought the password is hashed via Bcrypt (or similar) with very high difficulty, so it takes some time to check.

      • Derpgon@programming.dev
        10 months ago

        So, it is purely a software timeout and not hardware due to key derivation algorithm? That’s partly understandable and partly a security hole if it can be disabled so easily.