Mageia forum

[htgoebel]

Hi,

recently there have been quite some recommendations to convert from LUKS1 to LUKS2 and changing PDKDF to e.g. argon2id.

Is it expected to be safe converting a Mageia 8 system partition to LUKS2?

Thanks in advance.

[doktor5000]

When did you create your LUKS devices and can you post the output as root of

Code: Select all

dmsetup table

and

Code: Select all

cryptsetup luksDump

for one of those (you can obviously omit the salt and digest parts in the latter)?

Conversion should be safe but you can't always convert back to LUKS1:
https://unix.stackexchange.com/question ... -version-1
https://wiki.archlinux.org/title/dm-cry ... 2_and_back
https://curius.de/2021/01/verschuesselt ... vertieren/

[morgano]

My device was set up using Mageia 8, and here I get

$ sudo cryptsetup luksDump /dev/sda2 | grep Version
Version: 2

[htgoebel]

The disk was propably set up in 2016 and here is the requested output:

Code: Select all

# dmsetup table
crypt_sdaX 0 474102361 crypt aes-xts-benbi 000…00 0 8:X 4096
# cryptsetup luksDump /dev/sda6
LUKS header information for /dev/sda6

Version:        1
Cipher name:    aes
Cipher mode:    xts-benbi
Hash spec:      sha1
Payload offset: 4096
…


I'm curious how this additional information effects whether converting to LUKS2. Can you please explain so I learn something.

I would expect the capability to convert to depend on the capability of the Mageia kernel images and tools included in initrd, not on the age of the setup?!

[sturmvogel]

I'm curious how this additional information effects whether converting to LUKS2. Can you please explain so I learn something.

I would expect the capability to convert to depend on the capability of the Mageia kernel images and tools included in initrd, not on the age of the setup?!

Actual Mageia versions already use LUKS 2. That‘s why Morgan asked you for your informations if you not already use LUKS 2. You installed your system 7 years ago when LUKS 1 was standard. But as you can see Mageia supports and uses LUKS 2.

[doktor5000]

The disk was propably set up in 2016 and here is the requested output:

Code: Select all

# cryptsetup luksDump /dev/sda6
LUKS header information for /dev/sda6

Version:        1


I'm curious how this additional information effects whether converting to LUKS2. Can you please explain so I learn something.

Your sda6 is still LUKS1 and you'd need to convert that (if you want that).

[isadora]

Well, I know and this is why I asked whether is it save to convert :-\

Actual Mageia versions already use LUKS 2.

This was the relevant information I need. Many thnaks.