All of lore.kernel.org
 help / color / mirror / Atom feed
From: Milan Broz <mbroz@redhat.com>
To: Ludwig Nussel <ludwig.nussel@suse.de>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] [PATCH] print warning when adding a key that contains non-ASCII characters
Date: Tue, 03 Nov 2009 10:04:10 +0100	[thread overview]
Message-ID: <4AEFF20A.4000700@redhat.com> (raw)
In-Reply-To: <1256220968-2387-1-git-send-email-ludwig.nussel@suse.de>

On 10/22/2009 04:16 PM, Ludwig Nussel wrote:
> There's no way to determine whether e.g. the keymap on the console is
> the same as in X. Ie a key with umlauts added in an xterm may not be
> usable during boot. So when using e.g. an encrypted root partition
> users could lock themselves out. So I wonder whether a patch like
> the following would be acceptable?

> +				"* Warning: Entering non-ASCII passwords\n"
> +				"* may not be possible on all systems.\n"
> +				"* Make sure you can unlock the volume in\n"
> +				"* the intended environment!\n");

Hi,

I don't think this in good idea. Information that user entered non-ASCII
character is useful for attacker, why display it to terminal?
(That problem exist in all password entry dialogs - why cryptsetup should
be special here?)

This should be solved in environment before cryptsetup starts - set proper
keymap (even during boot). IIRC Fedora support setting keymap in boot environment now,
there were similar bug reports already:-)

Also I expect that in future libcryptsetup will be used more (instead
of wrapper over cryptsetup binary and the whole internal code
for reading password will be moved to caller application which is then responsible
for password from terminal reading stuff.

Milan
--
mbroz@redhat.com

  parent reply	other threads:[~2009-11-03  9:04 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-10-22 14:16 [dm-crypt] [PATCH] print warning when adding a key that contains non-ASCII characters Ludwig Nussel
2009-11-03  7:47 ` Ludwig Nussel
2009-11-03  9:15   ` Ian McDonald
2009-11-03 12:58   ` Arno Wagner
2009-11-03 22:40   ` Uwe Menges
2009-11-04 15:46     ` Heinz Diehl
2009-11-03  9:04 ` Milan Broz [this message]
2009-11-03 10:08   ` Ludwig Nussel
2009-11-03 10:31     ` Milan Broz
2009-11-06 11:11 ` Pasi Kärkkäinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4AEFF20A.4000700@redhat.com \
    --to=mbroz@redhat.com \
    --cc=dm-crypt@saout.de \
    --cc=ludwig.nussel@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.