Create LUKS2 persistent volumes by default (#15450) · Issues · tails / tails

Create LUKS2 persistent volumes by default

Originally created by @je843 on #15450 (Redmine)

Cryptsetup 2.0.x supports the LUKS2 format that includes the Argon2i and Argon2id hash algorithms. Argon2 is a memory-hard hash that strengthens low-entropy passphrases.
Attacker costs should be much higher then the current Cryptsetup 1.X which uses PBKDF2 which hashes with SHA-256.

cryptsetup allows converting existing LUKS volumes to LUKS2. But for the first iteration, let’s only consider using LUKS2 for newly created persistent volumes.

Feature Branch: wip/feature/15450-switch-to-luks2, t-p-s:feature/15450-switch-to-luks2,

Related issues

Blocked by sysadmin#17731
Related to #14468 (closed)
Blocked by #15944 (closed)
Blocked by #17457 (closed)

Edited Jul 18, 2020 by intrigeri

To upload designs, you'll need to enable LFS. More information