Default PRF algorithm on legacy bootloader?

GC
2024-12-28
  • GC

    GC - 2024-12-28

    Good day everyone, recently I'm dealing with an older machine. I encrypted the system partition, you can already see where this is going: long and boring boot time.
    Since this is a legacy system the only available PRF algorithms are SHA-256 and BLAKE2s-256. I chose the latter, which is way faster but at the verification step the bootloader is obviously using SHA-256 first, which makes the booting time unnecessarily long...

    So my request would be to be able to set a default PRF for the bootloader so that it doesn't waste time.

     
  • Mounir IDRASSI

    Mounir IDRASSI - 2024-12-28

    Hi GC,

    There is an issue with the Pre-Boot benchmark: it is only an estimation and does not reflect the actual Pre-Boot time you can expect. Unfortunately, this estimation can be significantly inaccurate because the legacy bootloader operates in 16-bit mode, whereas Windows runs in 64-bit mode. Additionally, the hash algorithm code benefits from the optimizations provided by 64-bit C/C++ compilers, which the older 16-bit compilers cannot achieve.

    Moreover, modern hash algorithms like BLAKE2s and SHA-256 are designed for 32-bit and 64-bit systems. These algorithms are inherently inefficient on 16-bit systems and no matter the level of optimization applied, they will always perform very slowly in such legacy environments.

    To address your specific configuration: the bootloader is already using only BLAKE2s, so there is no need to set a default PRF configuration.

    The only practical way to speed up booting on such old machines is to use a custom PIM value that is small enough to achieve an acceptable boot time. To do this, you should use a password that is at least 20 characters long. A PIM value of 1 will provide the fastest possible boot.

    To change the PIM value, you don’t need to re-encrypt the system. Simply go to the menu System -> Change Password.
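
The PIM trade-off described in the reply above, as an added example that is not part of the original thread or of VeraCrypt's code. It assumes the PIM x 2048 iteration formula and the default-equivalent PIM of 98 from VeraCrypt's documentation for SHA-256/BLAKE2s system encryption, and it times PBKDF2-HMAC-SHA256 with Python on the host, so the absolute numbers say nothing about the 16-bit bootloader; only the ratio between PIM values carries over.

```python
import hashlib
import os
import time

# Assumptions taken from VeraCrypt's documentation, not from this thread:
DEFAULT_SYSTEM_PIM = 98       # PIM equivalent to the default boot iteration count
ITERATIONS_PER_PIM = 2048     # system encryption with SHA-256 or BLAKE2s-256
# From the thread: a small PIM requires a password of at least 20 characters.
MIN_LEN_FOR_SMALL_PIM = 20


def system_iterations(pim: int) -> int:
    """PBKDF2 iteration count the bootloader runs for a given PIM."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return pim * ITERATIONS_PER_PIM


def pim_allowed(password: str, pim: int) -> bool:
    """A PIM below the default is only acceptable with a long password."""
    return pim >= DEFAULT_SYSTEM_PIM or len(password) >= MIN_LEN_FOR_SMALL_PIM


def relative_boot_cost(pim: int) -> float:
    """Key-derivation work relative to the default PIM (1.0 = default)."""
    return system_iterations(pim) / system_iterations(DEFAULT_SYSTEM_PIM)


def time_derivation(password: str, pim: int, salt: bytes) -> float:
    """Seconds spent deriving a 64-byte header key on this host."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                        system_iterations(pim), dklen=64)
    return time.perf_counter() - start


if __name__ == "__main__":
    password = "constructed sample passphrase"   # constructed, 29 characters
    salt = os.urandom(64)
    for pim in (1, 10, DEFAULT_SYSTEM_PIM):
        ok = "ok" if pim_allowed(password, pim) else "password too short"
        secs = time_derivation(password, pim, salt)
        print(f"PIM {pim:>3}: {system_iterations(pim):>7} iterations, "
              f"{relative_boot_cost(pim):6.1%} of default work, "
              f"{secs * 1000:8.2f} ms here ({ok})")
```
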

     
    • GC

      GC - 2024-12-28

      Well, I guess time is a small price to pay on a legacy system; I'm too scared to forget the PIM... Thank you so much for this thorough explanation, and for your software as well.

       
