On Fri, 2019-01-18 at 15:01 -0800, Matt Taggart wrote: > Is it ready to become the default for new installs yet?
Being not much more than just a user of it and regularly following the upstream mailing list… I'd rather suggest to be conservative in that matter. AEAD is still marked as experimental by upstream and while there are other reasons to use LUKS2 (which could be quite stable already) it's crypto what were talking about: security is the upmost goal (which is also why most other writers and myself seemed rather concerned about Debian's intention to default to TRIM enabled in dm-crypt). A good thing, which makes it IMO also less pressing to switch to LUKS2 is, that LUKS1 can be in-place-converted to LUKS2 in most cases. So users can most of the time switch later, without having to rewrite everything. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
