Turn phone on and be greeted with the Enter disk encryption passphrase There is no ‘phrase’ just numbers.
Enter pass numbers. Test by making error in the pass numbers..
Screen changes to a dark background with the words:
“Enter disk decryption passphrase” and at the bottom right of the screen is a small square with the letters OSK in it.
No keyboard now.
By trial and error I found that the trick is to tap the OSK and the keyboard will slide up. Enter the correct pass numbers and the secondary login appears where you must enter another or same set of pass numbers.
Side Note: It would be great is we could use passwords and keyboard.
Its short for “On Screen Keyboard”. I have it with my default Version just a symbolized Keyboard, a “white squere with black dots an on the bottom a lager one for space”-Symbol in the button right or on the down left if you enter your pin.
Touching that will display or disapear the OSK. If you read the short paper introduction/manual listed the default keays, you can find some pages further the Advice, how to set that LUKS key to something else.
This was the first thing i changed to a large Key with a strong alpha-numerical-symbols Keyword. Because i known that, even its a stream encryption, a weak short Passkey like the default one, is an issue for LUKS encryption too.
However, you have to be very careful becaus, you have to enter it every reboot and at some updates twice in a short time (cause the update need aother reboot) and without backup you will lose your date if you lost your LUKs key.
I did not check my USB keyboard with the LUKS input but it work with the PIN Phone Lock-screen and i could swift to a TTY with CTRL + ALT + F1 (or F2, F3, F4 …) like on any other Linux Computer. If you test this, i think you can get back to the Phone Login and Desktop by CTRL + ALT + F7, or but if its wrong try everything from F1 to F12, and let the Computer some Seconds between to render the new TTY or Desktop/POSH Session.
I appreciate the response Christal, but I discovered it’s hidden meaning - that to bring up a keyboard, press the OSK.
Maybe a manual is needed pre-purchase so people know they’ll have a great deal of reading, searching, fixing, ignoring, and cussing to do.
I hoped that someone in the realm of L5 to jump in a fix it so when we are told the pass (whatever it is called this hour) was wrong.
Too, when the correct pass thingamabob is entered correctly, to prevent the screen for again displaying “Enter disk decryption passphrase” it won’t repeat the error message, wait fore it, then a message stating it was successful - which is it? Ahhh, must be OK, because the next pass(enter favourite extension here), appears with bigger keyboard, and numbers.
Summary, IMO the opening when there is a error, needs some housecleaning. That’s all.
~s
What we are looking at here is somewhat a chicken-and-egg situation. You are trying to unlock the root file system, which contains all the more sophisticated code that would probably behave better, but you haven’t unlocked it yet. So it is only more basic, early boot stage code that is able to run at this point.
So it seems like the answer is: you can. You are not limited to a numeric disk encryption passphrase. However maybe it would be better if some documentation pointed that out to the customer.
Did you mean by this: use a real, physical, external keyboard to enter the disk encryption passphrase?
The type of encryption (or even its strength) that is used to encrypt the disk is not relevant here with LUKS.
The passphrase is used to unlock akey slot. Each key slot disgorges the disk encryption master key when unlocked. The master key is the actual key used to encrypt the disk. The master key is usually randomly generated - and hence is strong regardless of whether a key slot unlock passphrase is strong or weak.
Of course if using a passphrase to unlock a key slot, the passphrase should always be strong, as you say.
[quote=“irvinewade, post:5, topic:20689”]
So it seems like the answer is: you can. You are not limited to a numeric disk encryption passphrase. However maybe it would be better if some documentation pointed that out to the customer.
[/quote]
Let me explain better:
Assume Digital Phone (DP) is off. Also assume the password is 123456
Press button to boot DP.
Up pops the tiny text to enter passphrase (I think they mean passnumbers) so enter it (123458 not 6) and hit enter. This is to purposely error on password entry.
The screen blanks, and comes back with same login screen. This time, enter the correct password 123456 and do the enter thingy.
A window pops open with "CryptSetUp error…( too fast to copy all of it) for about 5 seconds, then changes to original good entry and heads off to the next phase with the larger text, and numbers only)
Enter the correct passnumber and voila! Made it.
It’s no big deal. It doesn’t look as good as it can do better. Lots on their plates and this is minor. Just thought I’d mention it s’all.
First, No. I meant keyboard and letters for part 2 of login. I’ll start proof reading before posting
Maybe the error message was: No key available with this passphrase.
If I am understanding the scenario correctly, I think there are two areas for improvement.
When an incorrect LUKS passphrase is entered, make sure that a clear error message is presented to the user, then acknowledged by the user, and then return to a screen that is identical to the original prompting.
When the error message is acknowledged, make sure that the error message then goes away i.e. is cleared (so that the user doesn’t see the error message again once the correct LUKS passphrase is entered).
No, they don’t. Really.
The LUKS passphrase is inherently not just numbers.
It is true that Purism sets the passphrase at time of shipment to 123456 (all numbers).
You are supposed to change the default passphrase as soon as you take delivery of your phone / laptop (since otherwise everyone in the world knows your passphrase, which makes it a poor passphrase, not to mention that it is a weak passphrase anyway).
Your choice of new passphrase would ideally not be just numbers. A passphrase that is just numbers is too weak, all other things being equal. I mean sure choose a 30 digit passphrase and it’s all good - but if you want something shorter then you are better off using more of the full set of printable ASCII characters.
At the point where the system is prompting for the passphrase it doesn’t know whether your passphrase will be just numbers or will be a combination of types of character - so it obviously can’t tailor the prompt to match what you are going to enter.
In this case the system simply can’t know what characters are in your passphrase but if the system did know then it would actually be a security weakness for the prompt to reflect the system’s knowledge about your passphrase (since a prompt of “please enter passnumbers” would be telling every hacker not to bother with trying non-numeric passphrases).
I noticed that when I have the L5 connected to an external keyboard that the LUKS prompt hides the on screen keyboard and leaves the “OSK” on the bottom right.
Without any external keyboard the phone one loads every time, at least for me
Over the years, (since 1983) I notice how companies, individuals, and groups like to muse words they don’t know the meaning of so please bear with me.
“Passphrase” might be ‘Yourdoghasfleas’
“Password” might be ‘qwerty’ or ‘%f/(dDgo&-K1v’
Am I correct?
~s
PS, I just changed my pass thingamabob
Too, sorry that I am unable now to quote what I am replying to. Must have fixed something.
I don’t know to whom you are expressing your reply to, so sorry if I butt in.
[rant mode on]
IMO, there is little difference now-a-days because ‘experts’ will say 123456 is a password, others say it’s a passphrase.
Oxford says 'phrase"a small group of words standing together as a conceptual unit, typically forming a component of a clause.
““to improve standards” is the key phrase here”"
Some kid will no doubt nitpick that but I don’t give a because I still appreciate proper use of words, not what makes one try to sound smarter than a phone.
What a place, the Internet is. 99.99% of the Internet is useless junk. Of the remaining 0.01% 99% of that is incorrect, and of it’s remaining 0.01%, might be correct but is obsolete, but the answers are buried too deep under gobbledygook and befuddlement.
Kid: “Mum, I can’t find my homework”.
Mum: “well, google it”.
Kid: “where are my shoes”
Mum: “Google them”.
I should add that I discovered that if I set the timeout to Never, and wait, the keyboard and mouse stop working. In short, at some point, they hang.
Reboot is my high-tech fix.
~f
In my mind something like Pi (π) is a proper word, also other Greek characters in math context. However, I don’t mind too much about it since I never use passphrases.
I agree. I’d like to see a international standard of incorporating everything from Hex, Binary and Latin-1 to language characters and maths like you say.
One day. Maybe pass-things will be bionics at the tenth degree.
Cheers,
~s
But then someone realised that, by using the term “password”, users were being misled into thinking that the password could only be a “word” i.e. a single word, whether fictitious or not. (Indeed, any half decent system would reject a single actual dictionary word as a password.)
So they started using the term “passphrase” instead, with a view to encouraging more complex and harder to guess passwords. (I guess in part this reflects Moore’s Law. Computing power grew so much that simpler, shorter passwords are no longer safe.)
So I would take the two terms as synonymous, and not intending to imply any functional difference.
What set of characters is allowed, and whether case is significant, are as determined by each individual implementation.
The bottom line is that, “password” or “passphrase”, it is secret information that only you know. It should be unguessable. It is just a sequence of characters. It should either be meaningless or meaningful only to you.
Once the implementation allows a random sequence of characters the meaning departs too much from the conventional OED meanings of “word” and “phrase”. The words “word”, “phrase” and “clause” are defined relative to the parsing of natural language rather than relative to meaningless sequences of characters. Needless to say also that “passphrase” is not the same word as “phrase”. They don’t have to mean the same thing.
And a reminder that the LUKS documentation cautions against using any non-ASCII characters in a LUKS passphrase.
I read it before, but what happens if I decide to use non-ASCII characters? Or better: where is the danger?
To better understanding:
I’m not feared if I can type in a password that cannot be unlocked (had such problems on web accounts where the client didn’t accept the § for example). I’m testing passwords before using on my running device.
But I’m feared about that updates could break something that was working before with non-ASCIIs or something similar.
So it is important to me to understand where they see exactly the issue in non supported characters. I’m already using them to increase the security of my data and was ready to flash my phone if something got broken (with backups already done).
