PSA: Upgrade Your LUKS Key Derivation Function
"People who installed their systems with your encryption defaults several years ago are now much less secure than people who perform a fresh install today."
- "In these days of attackers with access to a pile of GPUs, a purely computationally expensive KDF is just not a good choice."
- "Ubuntu 18.04 used the LUKS1 header format, and the only KDF supported in this format is PBKDF2. This is not a memory expensive KDF, and so is vulnerable to GPU-based attacks."
- "But even so, systems using the LUKS2 header format used to default to argon2i, which is memory strong, but not designed to be resistant to GPU attack."
- "New versions default to argon2id, which is. You want to be using argon2id."
- "What makes this worse is that distributions generally don't update this in any way. If you installed your system and it gave you pbkdf2 as your KDF, you're probably still using pbkdf2 even if you've upgraded to a system that would use argon2id on a fresh install."