diff --git a/src/lib/y2partitioner/actions/controllers/encryption.rb b/src/lib/y2partitioner/actions/controllers/encryption.rb
index 400d9899c..9f1aa8df1 100644
--- a/src/lib/y2partitioner/actions/controllers/encryption.rb
+++ b/src/lib/y2partitioner/actions/controllers/encryption.rb
@@ -71,8 +71,8 @@ def initialize(fs_controller)
           @fs_controller = fs_controller
           @action = actions.first
           @password = encryption&.password || ""
-          @pbkdf = encryption&.pbkdf
           @method = initial_method
+          @pbkdf = initial_pbkdf
           @apqns = initial_apqns
           @label = initial_label
         end
@@ -215,10 +215,22 @@ def initial_method
           if methods.include?(encryption&.method)
             encryption.method
           else
-            Y2Storage::EncryptionMethod::LUKS1
+            Y2Storage::EncryptionMethod::LUKS2
           end
         end
 
+        # Initial password-based key derivation function, if relevant
+        #
+        # @return [Y2Storage::PbkdFunction, nil]
+        def initial_pbkdf
+          function = encryption&.pbkdf
+          return function unless function.nil? && method.is?(:luks2)
+
+          # Hardcoded conservative default, we can either change it or make it configurable
+          # (see Y2Storage::Configuration) in the future if needed.
+          Y2Storage::PbkdFunction::PBKDF2
+        end
+
         # Currently used APQNs when the device is encrypted with pervasive encryption
         #
         # @return [Array<Y2Storage::EncryptionProcesses::Apqn>]