From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guilhem@fripost.org>
Received: from outgoing.fripost.org (giraff.fripost.org
 [IPv6:2a00:1c20:4089:126c:300f:e2a1:9840:5351])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Fri, 27 Jul 2018 10:24:36 +0200 (CEST)
Date: Fri, 27 Jul 2018 16:16:26 +0800
From: Guilhem Moulin <guilhem@fripost.org>
Message-ID: <20180727081626.GA29834@localhost.localdomain>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="HlL+5n6rz5pIUxbD"
Content-Disposition: inline
Subject: [dm-crypt] Debian installer formatting LUKS2 devices by default?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-crypt@saout.de


--HlL+5n6rz5pIUxbD
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi there,

Debian Buster will freeze at the beginning of next year and we have
people asking for the installer to format devices with `--type luks2`.

(FWIW, I think these requests to default to `--type luks2` are mostly
motivated by a better PBKDF, so nothing impossible to obtain by
conversion from an existing LUKS1 device.)

Personally I'd rather *not* have such custom defaults in the installer.
Do you have any plan to have `luksFormat` default to LUKS2 at some
point?  If so, any idea, when that would happen? ;-)  Given the warning
in the latest Release Notes [0] I assume LUKS2 is not mature enough for
our installer yet.  Not sure what other distros are doing, but for
Debian we're waiting for that scary warning to disappear (or
alternatively, an explicit blessing from upstream) before promoting
LUKS2 (and latter authenticated encryption =E2=80=94 once a better AEAD
algorithm is available) in our installer and documentation :-)

Cheers,
--=20
Guilhem.

[0] https://kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.3-ReleaseNotes

--HlL+5n6rz5pIUxbD
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAlta1NgACgkQ05pJnDwh
pVK2Pg/7BMTSUdjGFwTl7xJRz2q5G5pE9aiIkmP5yBjggYPF0D1q8swb0J/RypOS
M4VSieadegrkQVWMySsxdwb3t1mqXIn6lphTnewTsP3wQFZF39AoGdUkudzSPC7/
Scmdcqve+D62eAgfHlIaCd57/Mr9DNuPhMXA5PdyKxd/USgNWH1zyBqtxI2ajXm9
6di5LOLxJk2u/61M5Xz8i50IHB85YNZ+Qb+FflQAk7aPxV0IaDg7a+e9s9+O2zNF
FflALkxRRSs1TJ9turqXIllIKSC+L/ofsmtnrON3uxXvjbacEG8jlnpR1qYWx2pv
aYAizaDWtcu96VN89F0B4hHpCqPCp5xf280WPCEL03lEUPzRtQsPvG58VuN87JDq
U0jOBRRo+voZ90XizFFXaZiBpmWupb/NLaJGPSry7D2zyNm0QvzwnPUJ7ZJPSI/D
ddfvUNG/PVKXr4gmBbz2e2ja2uPBcJjoUL6X165Yptt7ZaNGyWgDXOYsZrtOk6N1
XTRlgb27PTUexzg6l8O8BBKJZuk85O3GXRkaJeFt5gox5PZ634/CUfitDFs0hp8S
DlOg0WkviZkHXg/V3ZsTux4WfHGZ1H6Qpyv3Y24elp5llXD5QpzQaJBC0TLL2eal
dFGxWeYOAGoX3i218aTuXTgJUS3qza8pGj5LHL13H43e/4CvIRM=
=7T+s
-----END PGP SIGNATURE-----

--HlL+5n6rz5pIUxbD--