eCryptfs uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack. By default, the wrapping key is hashed with the default fixed salt (0x0011223344556677).
This update introduces the version 2 wrapped-passphrase file format. It adds the ability to combine a randomly generated salt with the wrapping password (typically, a user's login password) prior to performing key strengthening. The version 2 file format is considered to be an intermediate step in strengthening the wrapped-passphrase files of existing encrypted home/private users.
If pam_ecryptfs is used, a transparent migration from version 1 to version 2 files is provided; otherwise, a manual re-wrapping of the passphrase file is mandatory.
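
To show why the fixed salt weakens the wrapped-passphrase file, here is an added example (not eCryptfs code) that models key strengthening as iterated SHA-512 over salt || password and compares the fixed-salt and random-salt cases. The construction, the round count, the 8-byte random salt length, and the user names and passwords are assumptions constructed for illustration; only the fixed salt value comes from the advisory.

```python
from __future__ import annotations

import hashlib
import os

FIXED_SALT = bytes.fromhex("0011223344556677")  # default salt quoted in the advisory
ROUNDS = 65536  # assumed number of strengthening rounds for this model

# Constructed sample data: alice and bob happen to share a login password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "battery staple"}


def strengthen(password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Assumed model of key strengthening: iterated SHA-512 over salt || password."""
    digest = hashlib.sha512(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest


def wrapping_key_v1(password: str) -> bytes:
    """Version 1 behaviour: every file uses the same fixed salt."""
    return strengthen(password, FIXED_SALT)


def wrapping_key_v2(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Version 2 behaviour: a random salt is generated per file and kept with it."""
    salt = os.urandom(8) if salt is None else salt
    return salt, strengthen(password, salt)


def colliding_users(keys: dict[str, bytes]) -> list[list[str]]:
    """Group users whose wrapping keys are identical (work is reusable across them)."""
    groups: dict[bytes, list[str]] = {}
    for user, key in keys.items():
        groups.setdefault(key, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit() -> tuple[list[list[str]], list[list[str]]]:
    """Return identical-key groups under the fixed salt and under random salts."""
    v1 = {user: wrapping_key_v1(pw) for user, pw in USERS.items()}
    v2 = {user: wrapping_key_v2(pw)[1] for user, pw in USERS.items()}
    return colliding_users(v1), colliding_users(v2)


if __name__ == "__main__":
    fixed, random_salt = audit()
    print("fixed salt, identical keys:", fixed)
    print("random salt, identical keys:", random_salt)
```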