From c15b153c63a3cad86b377f834b122a8fc82f1281 Mon Sep 17 00:00:00 2001 From: Maximilian Friedersdorff Date: Tue, 26 Mar 2019 14:02:29 +0000 Subject: [PATCH] Colemake passphrases in early boot --- content/colemak_cryptsetup_passphrases.rst | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 content/colemak_cryptsetup_passphrases.rst diff --git a/content/colemak_cryptsetup_passphrases.rst b/content/colemak_cryptsetup_passphrases.rst new file mode 100644 index 0000000..c73c647 --- /dev/null +++ b/content/colemak_cryptsetup_passphrases.rst @@ -0,0 +1,40 @@ +Achieving a Colemak Layout for Typing LUKS Passphrases in Early Boot +==================================================================== + +:date: 2019-03-26 14:02 +:category: System Administration +:tags: cryptsetup, system administration, full disk encryption +:authors: Maximilian Friedersdorff +:summary: Having to type passphrases with an unfamiliar keyboard layout is slow and frustrating. + +I use full disk encryption using `LVM on LUKS`_ on all of my desktops and +laptops. I trust my memory more than I do any USB device and so I rely on +typing in a passphrase during the boot process. Doing so is tedious, because in +general my prefered keyboard layout (Colemak) is not available before the root +partition has been mounted. The correct solution is to include the Colemak +keyboard layout as part of the initramfs. + +Instead I propose the following hack: Add a passphrase to the LUKS container +such that it is correct when one types the normal passphrase on the unfamiliar +keyboard layout, in my case those layouts are Colemak and QWERTY. First let's +define some terms: + +- Layout1-Layout2 Conjugate: The Layout1-Layout2 Conjugate of the string `s` is + the string that would result from typing `s` as if one is using a Layout1 + keyboard, but while actually typing on a Layout2 keyboard. The Colemak-QWERTY + Conjugate of the string 'correct' is 'c;sskcf'. Similarly, the + QWERTY-Colemak Conjugate of the string 'correct' is 'cyppfcg'. Importantly + the inverse operation of the Layout1-Layout2 Conjugate is the Layout2-Layout1 + Conjugate. For example, the QWERTY-Colemak Conjugate of 'c;sskcf' is + 'correct'. + +In my case, I have to type my passphrase on a QWERTY keyboard during the early +boot process, but I want to type it as if I am typing on a Colemak keyboard. +This will result in the Colemak-QWERTY Conjugate as defined above. If my +passphrase is 'correct horse battery staple', I will produce the string +'c;sskcf h;sdk baffkso dfaruk' in this manner. In order for this to correctly +unlock my LUKS container, I should set this as an additional passphrase. + + +.. _LVM on LUKS: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_Entire_System#LVM_on_LUKS + -- 2.46.2