util: Limit cryptsetup PBKDF memory usage #3781
Conversation
nixpanic
added
component/rbd
|
Just wondering what the downside of this change is. Will the generated key be less secure, or does it take more time to generate it? Please update the subject of the commit message to have the prefix |
BenoitKnecht
force-pushed
the
cryptsetup-pbkdf-memory
branch
from
c0f6251
to
a7b1dea
Compare
BenoitKnecht
changed the title
As far as I know, the main reason for making the PBKDF algorithm memory-intensive too is to make GPU-base brute-force attacks harder (or more expensive). GPUs can run hundreds of threads in parallel, but if each of them need a substantial amount of memory, that becomes your limiting factor. So the generated key itself is not less secure if you reduce the memory limit, it's just "easier" to compute the derived key based on the passphrase. But since in Ceph CSI the passphrase itself already has 160 bits of entropy, a brute-force attack is already quite difficult to pull off, so in practice I don't think it reduces the level of security in a meaningful way. |
|
@Mergifyio rebase |
By default, `cryptsetup luksFormat` uses Argon2i as Password-Based Key Derivation Function (PBKDF), which not only has a CPU cost, but also a memory cost (to make brute-force attacks harder). The memory cost is based on the available system memory by default, which in the context of Ceph CSI can be a problem for two reasons: 1. Pods can have a memory limit (much lower that the memory available on the node, usually) which isn't taken into account by `cryptsetup`, so it can get OOM-killed when formating a new volume; 2. The amount of memory that was used during `cryptsetup luksFormat` will then be needed for `cryptsetup luksOpen`, so if the volume was formated on a node with a lot of memory, but then needs to be opened on a different node with less memory, `cryptsetup` will get OOM-killed. This commit sets the PBKDF memory limit to a fixed value to ensure consistent memory usage regardless of the specifications of the nodes where the volume happens to be formatted in the first place. The limit is set to a relatively low value (32 MiB) so that the `csi-rbdplugin` container in the `nodeplugin` pod doesn't require an extravagantly high memory limit in order to format/open volumes (particularly with operations happening in parallel), while at the same time not being so low as to render it completely pointless. Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
✅ Branch has been successfully rebased |
Madhu-1
force-pushed
the
cryptsetup-pbkdf-memory
branch
from
a7b1dea
to
52bcb1c
Compare
|
/test ci/centos/k8s-e2e-external-storage/1.24 |
|
/test ci/centos/k8s-e2e-external-storage/1.25 |
|
/test ci/centos/k8s-e2e-external-storage/1.26 |
|
/test ci/centos/k8s-e2e-external-storage/1.27 |
|
/test ci/centos/mini-e2e-helm/k8s-1.24 |
|
/test ci/centos/mini-e2e-helm/k8s-1.25 |
|
/test ci/centos/mini-e2e-helm/k8s-1.26 |
|
/test ci/centos/mini-e2e-helm/k8s-1.27 |
|
/test ci/centos/mini-e2e/k8s-1.24 |
|
/test ci/centos/mini-e2e/k8s-1.25 |
|
/test ci/centos/mini-e2e/k8s-1.26 |
|
/test ci/centos/mini-e2e/k8s-1.27 |
|
/test ci/centos/upgrade-tests-cephfs |
|
/test ci/centos/upgrade-tests-rbd |
Describe what this PR does
By default,
cryptsetup luksFormatuses Argon2i as Password-Based Key Derivation Function (PBKDF), which not only has a CPU cost, but also a memory cost (to make brute-force attacks harder).The memory cost is based on the available system memory by default, which in the context of Ceph CSI can be a problem for two reasons:
cryptsetup, so it can get OOM-killed when formating a new volume;cryptsetup luksFormatwill then be needed forcryptsetup luksOpen, so if the volume was formated on a node with a lot of memory, but then needs to be opened on a different node with less memory,cryptsetupwill get OOM-killed.This commit sets the PBKDF memory limit to a fixed value to ensure consistent memory usage regardless of the specifications of the nodes where the volume happens to be formatted in the first place.
The limit is set to a relatively low value (32 MiB) so that the
csi-rbdplugincontainer in thenodepluginpod doesn't require an extravagantly high memory limit in order to format/open volumes (particularly with operations happening in parallel), while at the same time not being so low as to render it completely pointless.Context
Prior to this change,
cryptsetupwould get OOM-killed unless we set a memory limit larger than 1GiB, which was way too much to dedicate to a container that otherwise barely needs any.Show available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)
/retest all: run this in case the CentOS CI failed to start/report any testprogress or results