[pkg-cryptsetup-devel] Bug#919725: Bug#919725: cryptsetup: switch to LUKS2 by default for new installs

Christoph Anton Mitterer christoph.anton.mitterer at lmu.de
Fri Jan 18 23:37:45 GMT 2019


On Fri, 2019-01-18 at 15:01 -0800, Matt Taggart wrote:
> Is it ready to become the default for new installs yet?

Being not much more than just a user of it and regularly following the
upstream mailing list… I'd rather suggest to be conservative in that
matter.

AEAD is still marked as experimental by upstream and while there are
other reasons to use LUKS2 (which could be quite stable already) it's
crypto what were talking about:
security is the upmost goal (which is also why most other writers and
myself seemed rather concerned about Debian's intention to default to
TRIM enabled in dm-crypt). 

A good thing, which makes it IMO also less pressing to switch to LUKS2
is, that LUKS1 can be in-place-converted to LUKS2 in most cases.
So users can most of the time switch later, without having to rewrite
everything.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3704 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20190119/3016b81a/attachment.bin>


More information about the pkg-cryptsetup-devel mailing list