Create LUKS2 persistent volumes by default
Cryptsetup 2.0.x supports the LUKS2 format that includes the Argon2i and
Argon2id hash algorithms. Argon2 is a memory-hard hash that strengthens
low-entropy passphrases.
Attacker costs should be much higher then the current Cryptsetup 1.X
which uses PBKDF2 which hashes with SHA-256.
cryptsetup allows converting existing LUKS volumes to LUKS2. But for the first iteration, let’s only consider using LUKS2 for newly created persistent volumes.
Feature Branch: wip/feature/15450-switch-to-luks2, t-p-s:feature/15450-switch-to-luks2,
Related issues
- Related to #14468
-
Blocked by #15460 -
Blocked by #15944 (closed)
Original created by @je843 on 15450 (Redmine)