Hi there,
On Mon, 01 Jul 2019 at 02:54:30 +0200, Cyril Brulebois wrote:
>> [1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html
>>
>> ,----
>> | LUKS2 is a new version of header format that allows additional extensions like
>> | different PBKDF algorithm or authenticated encryption. You can format device
>> | with LUKS2 header if you specify --type luks2 in luksFormat command. For
>> | activation, the format is already recognized automatically.
>> `----
>> [2] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L241
>>
>> and
>>
>> ,----
>> | To use LUKS2, specify --type luks2.
>> `----
>> [3] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L278
>
> That doesn't say much about the default setting; but I can see how one
> could read it as “this is not the default”.
Thanks for the feedback indeed, that manpage snippet should probably be
reformulated. Would you mind filing a bug against the cryptsetup-bin
package? I can also do it otherwise. That bit was likely written for
2.0 (when LUKS2 support was introduced), and not updated for 2.1 (when
LUKS2 was made the default LUKS format).
The compiled in-default for cryptsetup(8) can be obtained with
~$ cryptsetup --help
[…]
Default compiled-in metadata format is LUKS2 (for luksFormat action).
[…]
That setting, as well as other compiled-in defaults (PBKDF algorithm and
parameters, ciphers, modes), comes from upstream. The Debian binary doesn't
differ in that regard.
>> P.s. I am not on the list, I read this via debian-devel-announce.
Likewise I'm not subscribed to debian-boot.
Cheers,
--
Guilhem.
Attachment:
signature.asc
Description: PGP signature