systemd-cryptenroll
Date: 2023-04-18 04:00 am (UTC)

I use systemd-cryptenroll for TPM-based automatic unlock. I’m sure doing so is a bad idea for many reasons, but regardless, I noticed the LUKS keyslot that systemd-cryptenroll creates is hardcoded to pbkdf2.

Indeed, looking at the source, it appears this decision was made because the author “found the Wikipedia entry relevant”:
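An added example, not from the commenter or from the systemd project, for checking this on your own volume: it parses `cryptsetup luksDump` output to report the PBKDF recorded for each LUKS2 keyslot and which keyslot the `systemd-tpm2` token points at. The embedded dump is constructed sample text in the shape of real `luksDump` output, not a capture from a real device; the function names are this example's own.

```shell
#!/bin/sh
# Added example: which PBKDF does each LUKS2 keyslot use, and which keyslot
# does the systemd-tpm2 token unlock? Works on `cryptsetup luksDump` output.

# Constructed sample of `cryptsetup luksDump` output (not from a real device).
# Indented fields are tab-prefixed, as cryptsetup prints them.
SAMPLE_DUMP='LUKS header information
Version:       	2
Epoch:         	5
Keyslots:
  0: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      argon2id
	Time cost:  4
	Memory:     1048576
	Threads:    4
  1: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      pbkdf2
	Hash:       sha512
	Iterations: 1000
Tokens:
  0: systemd-tpm2
	tpm2-hash-pcrs:   7
	tpm2-pcr-bank:    sha256
	Keyslot:    1
Digests:
  0: pbkdf2
	Hash:       sha256
	Iterations: 100000
'

# keyslot_pbkdfs DUMP -> one line "<slot> <pbkdf>" per keyslot
keyslot_pbkdfs() {
    printf '%s\n' "$1" | awk '
        /^Keyslots:/ { sec = "keyslots"; next }
        /^[A-Z][a-z]+:/ { sec = "" }                      # any other top-level section
        sec == "keyslots" && /^  [0-9]+: / { slot = $1; sub(":", "", slot); next }
        sec == "keyslots" && /^[ \t]+PBKDF:/ { print slot, $2 }
    '
}

# tpm2_token_slots DUMP -> keyslot number(s) referenced by systemd-tpm2 tokens
tpm2_token_slots() {
    printf '%s\n' "$1" | awk '
        /^Tokens:/ { sec = "tokens"; next }
        /^[A-Z][a-z]+:/ { sec = "" }
        sec == "tokens" && /^  [0-9]+: / { tok = $2; next }
        sec == "tokens" && tok == "systemd-tpm2" && /^[ \t]+Keyslot:/ { print $2 }
    '
}

# pbkdf_of_slot DUMP SLOT -> the PBKDF name for one keyslot
pbkdf_of_slot() {
    keyslot_pbkdfs "$1" | awk -v s="$2" '$1 == s { print $2 }'
}

# report_tpm2_keyslot_pbkdf DUMP -> human-readable summary per TPM2 token
report_tpm2_keyslot_pbkdf() {
    for slot in $(tpm2_token_slots "$1"); do
        printf 'systemd-tpm2 token unlocks keyslot %s, PBKDF: %s\n' \
            "$slot" "$(pbkdf_of_slot "$1" "$slot")"
    done
}

report_tpm2_keyslot_pbkdf "$SAMPLE_DUMP"
# On a real volume: report_tpm2_keyslot_pbkdf "$(sudo cryptsetup luksDump /dev/sdX)"
```

Run against a real device, the report tells you whether the keyslot the TPM token points at uses pbkdf2 while the passphrase slot uses argon2id, which is the situation the comment describes.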