Am Montag, 23. August 2021, 15:13:04 CEST schrieb Ludwig Nussel:
Hi,
For some years upstream cryptsetup already used LUKS2 as default on-disk format. The Tumbleweed package stayed with LUKS1 so far though. As grub 2.06 recently gained LUKS2 support, cryptsetup can finally switch. A cryptsetup 2.4.0 update is currently in staging and will likely land in TW soon. After that new installations will use LUKS2 for encrypted hard disks. Unfortunately grub2 can't handle Argon2 as key-derivation function yet. So TW has to stay with PBKDF2 for now.
Information about LUKS2 etc can be found upstream: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home
So the encrypted home partition -- LUKS1 -- on my SSD will after a certain zypper dup be encrypted with LUKS2 ? That sounds scary to me, even more, since snapper rollback probably wouldn't work, would it? -- Regards, Alexander