The translation is temporarily closed for contributions due to maintenance, please come back later.
The translation was automatically locked due to following alerts: Could not merge the repository. Could not push the repository.
English Czech
Security
GnuPG 2 as the default GPG implementation
Starting with Fedora 30, the `/usr/bin/gpg` path representing the main GPG implementation uses GnuPG 2 instead of version 1 used in earlier releases. This change brings Fedora in line with other major distributions, and provides users with consistent experience between distributions.
Cryptsetup metadata format changed to LUKS2
The default metadata encryption format for full disk encryption has been changed from LUKS1 to LUKS2. LUKS2 is an evolution of the standard that enables new features such as the Argon2 KDF for keyslots (alongside currently used PBKDF2), improved support for automatic activation, support for wrapped key ciphers (the `paes` cipher), and experimental authenticated encryption.
LUKS1 continues to be supported.
Note that older boot media (Fedora 27 and earlier) do not provide a version of `cryptsetup` that can unlock LUKS2-encrypted volumes. This means a Fedora 27 or earlier installation ISO can not be used to rescue a system with LUKS2 encryption.
Changes to libcrypt
A number of unsafe legacy functions have been removed from `libcrypt`, and a compatibility package is now provided for applications that rely on these functions. For details, see xref:sysadmin/Security.adoc#distribution-libcrypt[Distribution-wide Changes].