tech

PSA: upgrade your LUKS key derivation function

# How to know if you need to upgrade

## Step 1: Find your encrypted device
Run this command to identify your encrypted partition:
```bash
lsblk
```
Look for entries with type "crypt" - the device above it in the tree is your actual encrypted device (something like `/dev/sda2` or `/dev/nvme0n1p2`).

## Step 2: Check your LUKS version and KDF
Once you've identified your encrypted device, run:
```bash
sudo cryptsetup luksDump /dev/whatever
```
(Replace `/dev/whatever` with your actual device name)

## What to look for:

**Check the Version:**
- If it shows `Version: 1`, you're using LUKS1 and definitely need to upgrade
- LUKS1 only supports PBKDF2, which is vulnerable to GPU-based attacks

**Check the PBKDF (Key Derivation Function):**
Look for the `PBKDF:` line in each keyslot section. You need to upgrade if you see:
- `pbkdf2` - old and vulnerable to GPU attacks
- `argon2i` - better but not GPU-resistant

**You're good if you see:**
- `argon2id` - this is the current recommended KDF that's resistant to GPU attacks

## Quick summary:
- **LUKS1 + PBKDF2** = definitely upgrade
- **LUKS2 + PBKDF2** = upgrade recommended  
- **LUKS2 + argon2i** = upgrade recommended
- **LUKS2 + argon2id** = you're good!