From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Sat,  9 Jul 2011 00:05:13 +0200 (CEST)
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
 (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p68M5CX8003498
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
 for <dm-crypt@saout.de>; Fri, 8 Jul 2011 18:05:12 -0400
Received: from [10.36.4.130] (vpn1-4-130.ams2.redhat.com [10.36.4.130])
 by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 p68M5BEI025903
 for <dm-crypt@saout.de>; Fri, 8 Jul 2011 18:05:11 -0400
Message-ID: <4E177F17.5060303@redhat.com>
Date: Sat, 09 Jul 2011 00:05:11 +0200
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <20110708211100.GB26099@tansi.org>
In-Reply-To: <20110708211100.GB26099@tansi.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: Re: [dm-crypt] Note: Characters inadvisable in Passphrases
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 07/08/2011 11:11 PM, Arno Wagner wrote:

> So it is highly advisable to stay within the 94 printable 
> characters on the standard, 128 character ASCII table. The
> table can e.g. be found here: http://en.wikipedia.org/wiki/ASCII

These suggestions also highly depends on environment (e.g. keyboard map).

(An example of local problem is if using Czech/English keyboard switch
("password1234 is not password+ěšč") or with qwerty/qwertz layout
and suggestions like "try to not use y/z in passphrase to avoid the problem".

Another common problem is  "please check that you have NumLock
switched on when entering digits".

Of course, 5 of 4 admins likes late night calls from users crying
"my password doesn't work!"... :-)

That said, there is no limitation in cryptsetup or dmcrypt regarding
input character set.

All these suggestions are quite generic and are intended to prevent
problem with different environments (locales, keyboard layout etc).

(My suggestion is better use longer non-dictionary ascii-friendly passphrase
than using non-ascii characters in it. But if you disagree, just ignore this
suggestion - it will work.... until you need to unlock external drive
on system with foreign keyboard and locales... :-)

Milan