On Tue, Nov 3, 2009 at 8:47 AM, Ludwig Nussel <ludwig.nussel@xxxxxxx> wrote: > Ludwig Nussel wrote: >> There's no way to determine whether e.g. the keymap on the console is >> the same as in X. Ie a key with umlauts added in an xterm may not be >> usable during boot. So when using e.g. an encrypted root partition >> users could lock themselves out. So I wonder whether a patch like >> the following would be acceptable? > > Any opinions? I see it this way: a user setting up disk encryption or even an encrypted root file system should already know that there is usually only a US keyboard layout available at boot time (or whatever the kernel is configured to use); thus he would pick his password accordingly. If someone really uses a password he cannot enter at boot time he will have to fix the problem from a rescue disc or consult a more experienced user to help him with that. No data is actually lost as the password is still usable. Furthermore, I think that what you have described here is a scenario that would only happen to users with an extremely hazardous behaviour. When a newbie sets up his disk for encryption he will try it out on a non-critical system just to see how it works. I know no one who would go on to encrypt his data with the dm-crypt infrastructure if he hasn't a single clue about how it all works. The instinctive fear of losing one's own data should form a reasonable protection against this kind of behaviour. I think that it would be sufficient if the cryptsetup manpage explained the dangers of differring key maps in detail and recommended that passwords should always be entered from the console and not from terminals under X. A patch like the one you provided would be overkill in my opinion as it alters the behaviour of cryptsetup where improved documentation and user education should be the way to go. Regards, Ian. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
