Bsrgvty

In the process of setting up LUKS encryption on my Ubuntu partition, I came across the --type luks2 option in the cryptsetup man pages. From what I've read, there don't appear to be any reasons not to use LUKS2, but cryptsetup still uses LUKS1 by default.

Any reason I shouldn't use LUKS2?

Thanks.

As per the official draft for the documentation:

LUKS2 is the second version of the Linux Unified Key Setup for disk
encryp- tion management. It is the follow-up of the LUKS1 [1, 2]
format that extends capabilities of the on-disk format and removes
some known problems and lim- itations. Most of the basic concepts of
LUKS1 remain in place as designed in New Methods in Hard Disk
Encryption 2 by Clemens Fruhwirth. LUKS provides a generic key store
on the dedicated area on a disk, with the ability to use multiple
passphrases 1 to unlock a stored key. LUKS2 extends this concept for
more flexible ways of storing metadata, redundant information to
provide recovery in the case of corruption in a metadata area, and an
interface to store externally managed metadata for integration with
other tools. While the implementation of LUKS2 is intended to be used
with Linux-based dm-crypt 3 disk encryption, it is a generic format

Basically, although it's already available, it's quite a work-in-progress format by user/definition standards. Further citing the cryptsetup official release notes for the 2.0.0 version, barely 6 months ago (emphasis mine):

Cryptsetup 2.0.0 Release Notes

Stable release with experimental features.

This version introduces a new on-disk LUKS2 format.

The legacy LUKS (referenced as LUKS1) will be fully supported forever
as well as a traditional and fully backward compatible format.

NOTE: This version changes soname of libcryptsetup library and
increases major version for all public symbols. Most of the old
functions are fully backward compatible, so only recompilation of
programs should be needed.

Please note that authenticated disk encryption, non-cryptographic data
integrity protection (dm-integrity), use of Argon2 Password-Based Key
Derivation Function and the LUKS2 on-disk format itself are new
features and can contain some bugs.

To provide all security features of authenticated encryption we need
better nonce-reuse resistant algorithm in kernel (see note below). For
now, please use authenticated encryption as experimental feature.

Please do not use LUKS2 without properly configured backup or in
production systems that need to be compatible with older systems.

So, unless you need one of the new features, your best & most secure option would be going with the default/stable LUKS1. On the other hand, if you don't mind a bit of testing or issues with the setup, you can go with the LUKS2 option and report any issues you find to the cryptsetup issue tracker.

1. GRUB does not support LUKS2 yet. If your /boot directory is on a LUKS-encrypted device and you use GRUB as your bootloader, it won't work.


2. [minor point] Older cryptsetup (1.x.y) can't process LUKS2, so Live CD/USBs with a version of cryptsetup before 2 can't be used to decrypt LUKS2 partitions.