You are creating a new encrypted partition on /dev/nvme0n1p3 with the command:
cryptsetup luksFormat /dev/nvme0n1p3
The security policy states that the key-derivation function must be the memory-hard Argon2id algorithm rather than the default PBKDF2. Which single additional option must you pass to cryptsetup to meet this requirement?
cryptsetup selects the Password-Based Key Derivation Function (PBKDF) with the --pbkdf option. Supplying argon2id to that parameter instructs cryptsetup to store the passphrase using the memory-hard Argon2id algorithm, which greatly increases the cost of offline brute-force attacks. The other options shown do not change the PBKDF: --hash only specifies the hash used inside PBKDF2, --kdf is not a valid cryptsetup option, and --type selects the LUKS header version (luks1 or luks2) but leaves the PBKDF unchanged.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a key-derivation function (KDF) in cryptography?
Open an interactive chat with Bash
Why is Argon2id considered more secure than PBKDF2?
Open an interactive chat with Bash
What is the role of the `--pbkdf` option in the cryptsetup command?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access