Güvenlik
GnuPG 2 as the default GPG implementation
Starting with Fedora 30, the /usr/bin/gpg
path representing the main GPG
implementation uses GnuPG 2 instead of version 1 used in earlier releases.
This change brings Fedora in line with other major distributions, and
provides users with consistent experience between distributions.
Cryptsetup metadata format changed to LUKS2
The default metadata encryption format for full disk encryption has been
changed from LUKS1 to LUKS2. LUKS2 is an evolution of the standard that
enables new features such as the Argon2 KDF for keyslots (alongside
currently used PBKDF2), improved support for automatic activation, support
for wrapped key ciphers (the paes
cipher), and experimental authenticated
encryption.
LUKS1 continues to be supported.
Note that older boot media (Fedora 27 and earlier) do not provide a version
of cryptsetup
that can unlock LUKS2-encrypted volumes. This means a
Fedora 27 or earlier installation ISO can not be used to rescue a system
with LUKS2 encryption.
Changes to libcrypt
A number of unsafe legacy functions have been removed from libcrypt
, and a
compatibility package is now provided for applications that rely on these
functions. For details, see
Distribution-wide
Changes.