AW wrote:
Am Montag, 23. August 2021, 15:13:04 CEST schrieb Ludwig Nussel:
For some years upstream cryptsetup already used LUKS2 as default on-disk format. The Tumbleweed package stayed with LUKS1 so far though. As grub 2.06 recently gained LUKS2 support, cryptsetup can finally switch. A cryptsetup 2.4.0 update is currently in staging and will likely land in TW soon. After that new installations will use LUKS2 for encrypted hard disks. Unfortunately grub2 can't handle Argon2 as key-derivation function yet. So TW has to stay with PBKDF2 for now.
Information about LUKS2 etc can be found upstream: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home
So the encrypted home partition -- LUKS1 -- on my SSD will after a certain zypper dup be encrypted with LUKS2 ?
Absolutely not. The intention was to use LUKS2 for newly created partitions. Existing volumes won't be touched and LUKS1 will basically work forever. Anyway as we've learned in this discussion even if cryptsetup uses LUKS2 by default yast would still continue to create LUKS1 volumes. So nothing changes actually. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)