[dm-crypt] Note: Characters inadvisable in Passphrases

All of lore.kernel.org
 help / color / mirror / Atom feed

* [dm-crypt] Note: Characters inadvisable in Passphrases
@ 2011-07-08 21:11 Arno Wagner
  2011-07-08 22:05 ` Milan Broz
  0 siblings, 1 reply; 3+ messages in thread
From: Arno Wagner @ 2011-07-08 21:11 UTC (permalink / raw)
  To: dm-crypt

Hi all,

after somebody ran into this revently, I think a general warning
might be a good idea (already in the FAQ):

If you use characters that are not in the first 128 positions 
of the ASCII table, these character may change encoding, e.g. 
when upgrading. In the specific case, it went from an ASCII 
character in the 129-255 range to a 3 byte UTF-8 character. 
Needless to say the passphrase did not work anymore.

So it is highly advisable to stay within the 94 printable 
characters on the standard, 128 character ASCII table. The
table can e.g. be found here: http://en.wikipedia.org/wiki/ASCII

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dm-crypt] Note: Characters inadvisable in Passphrases
  2011-07-08 21:11 [dm-crypt] Note: Characters inadvisable in Passphrases Arno Wagner
@ 2011-07-08 22:05 ` Milan Broz
  2011-07-08 22:34   ` Arno Wagner
  0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2011-07-08 22:05 UTC (permalink / raw)
  To: dm-crypt

On 07/08/2011 11:11 PM, Arno Wagner wrote:

> So it is highly advisable to stay within the 94 printable 
> characters on the standard, 128 character ASCII table. The
> table can e.g. be found here: http://en.wikipedia.org/wiki/ASCII

These suggestions also highly depends on environment (e.g. keyboard map).

(An example of local problem is if using Czech/English keyboard switch
("password1234 is not password+ěšč") or with qwerty/qwertz layout
and suggestions like "try to not use y/z in passphrase to avoid the problem".

Another common problem is  "please check that you have NumLock
switched on when entering digits".

Of course, 5 of 4 admins likes late night calls from users crying
"my password doesn't work!"... :-)

That said, there is no limitation in cryptsetup or dmcrypt regarding
input character set.

All these suggestions are quite generic and are intended to prevent
problem with different environments (locales, keyboard layout etc).

(My suggestion is better use longer non-dictionary ascii-friendly passphrase
than using non-ascii characters in it. But if you disagree, just ignore this
suggestion - it will work.... until you need to unlock external drive
on system with foreign keyboard and locales... :-)

Milan

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [dm-crypt] Note: Characters inadvisable in Passphrases
  2011-07-08 22:05 ` Milan Broz
@ 2011-07-08 22:34   ` Arno Wagner
  0 siblings, 0 replies; 3+ messages in thread
From: Arno Wagner @ 2011-07-08 22:34 UTC (permalink / raw)
  To: dm-crypt

On Sat, Jul 09, 2011 at 12:05:11AM +0200, Milan Broz wrote:
> On 07/08/2011 11:11 PM, Arno Wagner wrote:
> 
> > So it is highly advisable to stay within the 94 printable 
> > characters on the standard, 128 character ASCII table. The
> > table can e.g. be found here: http://en.wikipedia.org/wiki/ASCII
> 
> These suggestions also highly depends on environment (e.g. keyboard map).

Not so bad, since then you can still put the passphrase into a file 
using a hex-editor and read it from there if you stay in ASCII 7 Bit. 
If you do not know the original encoding, that can be a problem
or at least take a lot of experimenting. 
 
> (An example of local problem is if using Czech/English keyboard switch
> ("password1234 is not password+??????") or with qwerty/qwertz layout
> and suggestions like "try to not use y/z in passphrase to avoid the problem".
> 
> Another common problem is  "please check that you have NumLock
> switched on when entering digits".
>
> Of course, 5 of 4 admins likes late night calls from users crying
> "my password doesn't work!"... :-)

Indeed.

> That said, there is no limitation in cryptsetup or dmcrypt regarding
> input character set.
> 
> All these suggestions are quite generic and are intended to prevent
> problem with different environments (locales, keyboard layout etc).
> 
> (My suggestion is better use longer non-dictionary ascii-friendly 
> passphrase than using non-ascii characters in it. But if you 
> disagree, just ignore this suggestion - it will work.... until 
> you need to unlock external drive on system with foreign keyboard 
> and locales... :-)

I completely agree. :-)

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-07-08 22:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-07-08 21:11 [dm-crypt] Note: Characters inadvisable in Passphrases Arno Wagner
2011-07-08 22:05 ` Milan Broz
2011-07-08 22:34   ` Arno Wagner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.