Hi there, Debian Buster will freeze at the beginning of next year and we have people asking for the installer to format devices with `--type luks2`. (FWIW, I think these requests to default to `--type luks2` are mostly motivated by a better PBKDF, so nothing impossible to obtain by conversion from an existing LUKS1 device.) Personally I'd rather *not* have such custom defaults in the installer. Do you have any plan to have `luksFormat` default to LUKS2 at some point? If so, any idea, when that would happen? ;-) Given the warning in the latest Release Notes [0] I assume LUKS2 is not mature enough for our installer yet. Not sure what other distros are doing, but for Debian we're waiting for that scary warning to disappear (or alternatively, an explicit blessing from upstream) before promoting LUKS2 (and latter authenticated encryption — once a better AEAD algorithm is available) in our installer and documentation :-) Cheers, -- Guilhem. [0] https://kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.3-ReleaseNotes
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
