The one place for your designs
To enable design management, you'll need to meet the requirements. If you need help, reach out to our support team for assistance.
Create LUKS2 persistent volumes by default
Originally created by @je843 on #15450 (Redmine)
Cryptsetup 2.0.x supports the LUKS2 format that includes the Argon2i and
Argon2id hash algorithms. Argon2 is a memory-hard hash that strengthens
low-entropy passphrases.
Attacker costs should be much higher then the current Cryptsetup 1.X
which uses PBKDF2 which hashes with SHA-256.
cryptsetup allows converting existing LUKS volumes to LUKS2. But for the first iteration, let’s only consider using LUKS2 for newly created persistent volumes.
Feature Branch: wip/feature/15450-switch-to-luks2, t-p-s:feature/15450-switch-to-luks2,
Related issues
- Related to #14468 (closed)
- Blocked by #15944 (closed)
- Blocked by #17457 (closed)