Ancor Gonzalez Sosa wrote:
On 8/23/21 3:13 PM, Ludwig Nussel wrote:
For some years upstream cryptsetup already used LUKS2 as default on-disk format. The Tumbleweed package stayed with LUKS1 so far though. As grub 2.06 recently gained LUKS2 support, cryptsetup can finally switch. A cryptsetup 2.4.0 update is currently in staging and will likely land in TW soon. After that new installations will use LUKS2 for encrypted hard disks. Unfortunately grub2 can't handle Argon2 as key-derivation function yet. So TW has to stay with PBKDF2 for now.
Information about LUKS2 etc can be found upstream: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home
Take into account YaST still doesn't include general LUKS2 support because it comes with several challenges regarding installation. See https://bugzilla.suse.com/show_bug.cgi?id=1185291#c1
Thanks for the pointer. For now we can't use Argon2 due to grub limitations anyway. The topic of memory consumption may come back when that changes. We'll see whether we need special knobs in yast or whether libcryptsetup can be made to handle that itself then. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)