Martin Wilck wrote:
On Wed, 2021-08-25 at 12:09 +0200, Thorsten Kukuk wrote:
On Wed, Aug 25, Martin Wilck wrote:
On Wed, 2021-08-25 at 11:02 +0200, AW wrote:
Always and ever, but home partitions tend to have, like mine, hundreds of gigabyte and more. Reinstalling a system takes 90 minutes, but getting the home partition back is a completely other kind of sports.
Why do you want to convert an existing LUKSv1 home partition to LUKSv2?
Why do we update to the new format? Because it has a few advantages, I suppose. LUKS2 "allows additional extensions like different PBKDF algorithm or authenticated encryption" says the man page. So there are reasons to want to use this for existing systems, not only for new installations.
Personally, I'm just now preparing a new system which I intend to use over several years, so the choice of the disk format does matter, in particular the question whether LUKS1 will look totally outdated in 5 years. If there was a reliable conversion path, I'd happily use LUKS1 now. Otherwise it might make sense to apply some non-standard package updates to use LUKS2 already today, before substantial amounts of data pile up on my encrypted partition.
LUKS1 vs LUKS2 is mostly about the header format. You can convert from one to the other. See man cryptsetup, convert subcommand. For data partitions you can safely use LUKS2. No extra hacks needed actually, it's supported by cryptsetup since 15.0 already. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)