In release 22.11 of NixOS, there’s a change affecting how system login passwords are encrypted.
Software that uses the
cryptpassword hashing API is now using the implementation provided by
libxcryptinstead of glibc’s, which enables support for more secure algorithms.
Support for algorithms that
libxcryptdoes not consider strong are deprecated as of this release, and will be removed in NixOS 23.05.
This includes system login passwords. Given this, we strongly encourage all users to update their system passwords, as you will be unable to login if password hashes are not migrated by the time their support is removed.
Does this affect LUKS passwords in any way? I’m using LUKS for full disk encryption (i.e. on boot, after selecting a NixOS generation, I’m prompted for a password to decrypt my disk, and only after that does the display manager start up and prompt me for a system login password).
As far as I can tell, LUKS is not affected by the migration to libxcrypt, but I wanted to double check.