On Tue, Apr 18, 2023 at 4:19 PM cagsm <cumandgets0mem00f@gmail.com> wrote:
> On Tue, Apr 18, 2023 at 4:13 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
> > > leap 15.4, full disk encryption (FDE), luks I suppose. I am not an expert (TM). reading this recent article: <https://mjg59.dreamwidth.org/66429.html> comes up with the question if one's distro supports stuff beyond PBKDF2, e.g. argon2id
> >
> > If you are concerned, use separate /boot and encrypt / the way you like. Or use TPM to avoid this problem to start with.
>
> wow cool thanks for the reply but this didn't help a bit? i use the stuff that simple opensuse 15.4 installer gave me. all on a single nvme with some uefi active laptop big brand. secureboot is activated but this laptop also boots with secureboot disabled. but uefi only no classic bios. now what? where does tpm come into play here and how does this help according to the article of shortcoming or weak pbkdf2 algo? they strongly advise for that argon stuff. lsblk doesn't show separate boot i guess. it all went into one giant / partition.

apparently opensuse leap 15.4 just started months ago on a brand new laptop, with FDE, gives the user ancient style LUKS1 on disk format. is this possible? yet another stuff that opensuse ships historic bits to its userbase? started with 15.4 from scratch on that brand new laptop.
<https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup>
<https://security.stackexchange.com/questions/179988/luks2-on-disk-format-specifications>

sudo cryptsetup luksDump /dev/nvme0n1p2
.....
LUKS header information for /dev/nvme0n1p2
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512

but this didn't answer the question if leap 15.4 and the infrastructure already? uses? can use? this argon2id?
i guess argon and all that fancy stuff only showed up like years ago with LUKS2 on disk format. being way too cool and fancy to make it into leap 15.4. 15.5 doing any better? any chances? ty
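
Added example, not part of the original message: a shell function that reads `cryptsetup luksDump` text and reports which KDF protects each active keyslot. A LUKS1 header like the one dumped above has no KDF field because LUKS1 only supports PBKDF2, while LUKS2 prints a `PBKDF:` line per keyslot. Both sample dumps and the function names are constructed for illustration.

```shell
#!/bin/sh
# Print "<keyslot> <kdf>" for every active keyslot in luksDump text on stdin.
luks_kdf_report() {
    awk '
        $1 == "Version:" { version = $2 }
        # LUKS1 layout: "Key Slot 0: ENABLED"; the KDF is always PBKDF2.
        version == 1 && $1 == "Key" && $2 == "Slot" && $4 == "ENABLED" {
            slot = $3; sub(/:$/, "", slot); print slot, "pbkdf2"
        }
        # LUKS2 layout: "  0: luks2" followed by "PBKDF:  <name>".
        # Entries under "Digests:" read "0: pbkdf2" and are skipped here,
        # since the digest is not the passphrase KDF.
        version == 2 && $1 ~ /^[0-9]+:$/ && $2 == "luks2" {
            slot = $1; sub(/:$/, "", slot)
        }
        version == 2 && $1 == "PBKDF:" { print slot, $2 }
    '
}

# Constructed LUKS1 dump: header fields as posted above, plus key slot lines.
sample_luks1() {
    cat <<'EOF'
LUKS header information for /dev/nvme0n1p2
Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

# Constructed LUKS2 dump with one Argon2id slot and one PBKDF2 slot.
sample_luks2() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

echo "LUKS1 sample:"; sample_luks1 | luks_kdf_report
echo "LUKS2 sample:"; sample_luks2 | luks_kdf_report
```

On a real system the input would come from `sudo cryptsetup luksDump /dev/nvme0n1p2 | luks_kdf_report`.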