Bug#831509: [pkg-cryptsetup-devel] Bug#831509: cryptsetup fails to unlock volumes with accented letters passwords
On Wed, 14 Sep 2016 at 08:01:31 -0300, André Cardoso wrote: > Maybe you will need to talk to someone from Debian to define a better > sequence for loading the modules at the boot time. Assuming the KEYMAP variable is set to “y” in the initramfs configuration (cryptsetup forces this), and assuming the ‘kbd’ package is installed, the proper keyboard layout should be installed in the initramfs image. You can test this by adding the kernel parameter “break” (type ‘E’ from the GRUB boot menu for instance): you'll be left in the busybox shell of the initramfs image and therefore can make sure you're entering the right characters. The keyboard configuration file is located in ‘/etc/default/keyboard’ from the ‘keyboard-configuration’ package. Modifying this file requires the initramfs image to be created to include the new keymap: (type `update-initramfs -u` to update the image). By the way I didn't test it with the installer yet but I was able to add a passphrase containing accented letters to an existing LUKS device (my swap partition), and to unlock it successfully at initramfs stage. -- Guilhem. signature.asc Description: PGP signature
Bug#831509: [pkg-cryptsetup-devel] Bug#831509: cryptsetup fails to unlock volumes with accented letters passwords
Hi Guilhem, how are you? Well, your suggestion is good but I don't think it is an ideal way to solve this... For tests purposes, I had installed the latest release of Ubuntu Desktop (16.04) and it don't have this "problem"... I think they managed to solve that by loading the keyboard module before the prompt of the cryptographic passphrase. I really want to help more but I'm not any good with these things in Linux, sorry... Maybe you will need to talk to someone from Debian to define a better sequence for loading the modules at the boot time. Could you test the Ubuntu 16.04 to see how it works? Thank you for your response and sorry about the lack of more information about how to solve the issue... 2016-09-13 20:15 GMT-03:00 Guilhem Moulin : > Hi Andre, > > On Sat, 16 Jul 2016 at 15:02:40 -0300, Andre wrote: > > During the installation process of setting up my operating system, I > > chose as the default keyboard layout the Portuguese (Brazilian), then > > set up the encryption of disk volumes and then set an encryption > > password using accented characters. > > FWIW, this what the cryptsetup(8) manpage says about this: > > Character encoding: If you enter a passphrase with special symbols, > the passphrase can change depending character encoding. Keyboard > settings can also change, which can make blind input hard or > impossible. For example, switching from some ASCII 8-bit variant to > UTF-8 can lead to a different binary encoding and hence different > passphrase seen by cryptsetup, even if what you see on the terminal > is exactly the same. It is therefore highly recommended to select > passphrase characters only from 7-bit ASCII, as the encoding for > 7-bit ASCII stays the same for all ASCII variants and UTF-8. > > Perhaps we should make the installer print a warning if the user enters > non 7-bit ASCII characters? > > Cheers, > -- > Guilhem. >
Bug#831509: [pkg-cryptsetup-devel] Bug#831509: cryptsetup fails to unlock volumes with accented letters passwords
Hi Andre, On Sat, 16 Jul 2016 at 15:02:40 -0300, Andre wrote: > During the installation process of setting up my operating system, I > chose as the default keyboard layout the Portuguese (Brazilian), then > set up the encryption of disk volumes and then set an encryption > password using accented characters. FWIW, this what the cryptsetup(8) manpage says about this: Character encoding: If you enter a passphrase with special symbols, the passphrase can change depending character encoding. Keyboard settings can also change, which can make blind input hard or impossible. For example, switching from some ASCII 8-bit variant to UTF-8 can lead to a different binary encoding and hence different passphrase seen by cryptsetup, even if what you see on the terminal is exactly the same. It is therefore highly recommended to select passphrase characters only from 7-bit ASCII, as the encoding for 7-bit ASCII stays the same for all ASCII variants and UTF-8. Perhaps we should make the installer print a warning if the user enters non 7-bit ASCII characters? Cheers, -- Guilhem. signature.asc Description: PGP signature
