[opensuse-m17n] Encryption password fail on install > internationalisation <
Hello Two problems related to security and internationalisation have arisen while attempting to install opensuse: one major, one merely obstructive. Both problems occur when setting the encryption password. 1. The major problem concerns the keyboard layout. The opensuse installer very helpfully asks which international keyboard layout it should use during install. It does this before asking for the user to set their passphrases. So the user gets to formulate their password in their chosen international keyboard layout - most likely the keyboard layout they are actually using: e.g. UK keyboard layout. But when install is complete, in my instance at least, the computer goes to a command screen and says, before prompting for the just given password to open the encrypted disk: "Note: only US keyboard layout is supported". The result is a failed install unless you happen to be in the US. Perhaps the problem has not occured in other countries where language differences have focused more attention on internationlisation? It is nigh on impossible to enter your encryption password using a US layout on a UK keyboard unless you use a password drawn from a limited and therefore less secure set of characters; and only then if you happen to know what characters are actually valid in both keyboard layouts, and where they are. I had a quick look. I'm not even sure it's actually possible to map characters chosen from a UK keyboard layout into a US keymap and then back onto a UK keyboard layout again without losing some. At least not for a regular person who is simply trying to put their password in at the prompt. Maybe not for anyone but Lou Gerstner himself. if this problem cannot be corrected, it would at least save the people time and frustration to tell them which characters are valid or not when they create their password, and to remove the offer of a non-US keyboard during install. I'm sure people would be happy not to choose invalid characters if they were told what they were. 2. The other problem is that the password itself recognises limited punctuation characters in whatever character set. Characters it does not recognise are recognised routinely by other password prompts. Some other password prompts fail to recognise characters that the opensuse password prompt does. Some password prompts have no limitations for a given standard keyboard layout. The result is that it becomes difficult to create a password system - i.e. a method for choosing complex passwords for different situations that can be remembered - because your system falls down as soon as you come across a password screen that disallows certain characters your system relies on. This actually happens pretty regularly. And the rules about what is a valid character or not seem always to be different. That doesn't make it right. If only the base system could assure no limitations. Hope this helps. mb. -- To unsubscribe, e-mail: opensuse-m17n+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-m17n+owner@opensuse.org
Am 22.07.2014 22:14, schrieb Mark Ballard:
But when install is complete, in my instance at least, the computer goes to a command screen and says, before prompting for the just given password to open the encrypted disk: "Note: only US keyboard layout is supported".
Hello Mark, I think that the issue is rather in this part. I don't know if it is possible to change, but I think it would be much better to enable Non-US keyboards in the boot loader as well. Forcing a US keyboard is more difficult for some physical keyboards than others. A keyboard like QWERTZ is still relatively similar, but AZERTY is already quite different. Especially if one wants to use special characters ($, +, [ etc) for the password, most keyboard layouts do not match at all. Also, partitions may be decrypted from an already running system, where logically the keyboard layout is already set to the own keyboard. Therefore, I think it would be more prudent to change the forcing of a US keyboard in the boot loader rather than forcing everything else to use US as well. -- To unsubscribe, e-mail: opensuse-m17n+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-m17n+owner@opensuse.org
Forcing a US keyboard is more difficult for some physical keyboards than others. A keyboard like QWERTZ is still relatively similar, but AZERTY is already quite different. Especially if one wants to use special characters ($, +, [ etc) for the password, most keyboard layouts do not match at all.
This is indeed the cause of the problem - complex passwords and disk encryption. People are being encouraged to use both.
Also, partitions may be decrypted from an already running system, where logically the keyboard layout is already set to the own keyboard.
One solution proposed more to illustrate the absurdity of the problem is that encryption software and other password systems could warn users, when they are creating their passwords, of any keypresses that they will not be able to recreate when on reboot the o/s lays a US keymap over their 'foreign' keyboard.
Therefore, I think it would be more prudent to change the forcing of a US keyboard in the boot loader rather than forcing everything else to use US as well.
Amen. -- To unsubscribe, e-mail: opensuse-m17n+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-m17n+owner@opensuse.org
participants (2)
-
Hans Schmidt -
Mark Ballard