A trick to improve Linux Password Security Via Remapping Of The
Contributed by Puddledud.
Password ridiculous - by Puddledud
Recently I got myself into a bind with the root password on my
Linux Mint 13 Maya Cinnamon system.
I had chosen a UK keyboard mapping when I set up the
installation. Then I found that a commonly used symbol - " - the
quote used in specifying required search string delimiting etc.
- didn't match the markings of the keyboard that I was using and
so I decided to set the keyboard to the US keyboard mapping - in
search of an easier life.
The net is great in this type of situation and I was able to
find very helpful people making their contribution, posting
their solutions to the problems they had encountered and
ready and able to tell me how to do what I wanted to do. I'm
always grateful for this type of assistance.
This command string - does a nice job of changing the keyboard
    sudo dpkg-reconfigure keyboard-configuration
It requires the entry of the root password or an administrative
password before it will run. Then it is a matter of making
choices and that is that.
Having made this change and feeling good about it I then
discovered that I was no longer able to just type out the root
password - changing the keyboard mapping had remapped one of the
punctuation characters - in this case what had been the English
pound sign - £ - was now the hash symbol - # - as the
printed key marking on my actual US keyboard key had shown all
Suddenly I had no way of typing the root password - fortunately
the base user on my system doesn't require a password so I was
still able to use the system - but this state of affairs was
Back to the net for a solution.
There I found that the sequence CONTROL/SHIFT (held down
together) and followed by the character sequence - u00a3 - typed
while SHIFT and CONTROL continue to be depressed will very
neatly produce the English pound character - £ - ; the
decoding of the sequence is initiated by the release of the
CONTROL/SHIFT combination after the unicode character sequence
code for the symbol has been typed.
I know that this works because it is sufficient to enable me to
enter my root password - even though I can not see what is being
Now all that is already on the net.
The thought I had was that people making password cracking
programs could possibly shorten their task by detecting or even
just guessing the keyboard layout in use on a computer before
starting their cracking algorithm.
That in turn led to the thought that - fanatical or perverse
people - could devise passwords to incorporate this technique
for composing special characters - thereby making their own life
more difficult and in so doing expanding considerably the range
of characters which would need to be tested by a password
cracker. I guess in one way the concept is not all that
different for, like the monkeys charged with writing a
Shakespearean play, given enough time, the result is the same
for the symbols simply represent an extended character sequence.
But in another way it is for in this situation time is of the
This technique would certainly make it easier to remember a
complicated password and may even tempt users to leave a copy of
their password in a readily accessible location in the
expectation that other people would either not understand what
they were looking at or not know how to enter such a password.
Following on in this train of thought, the password
‰ŒŽ£§ can be entered as
CONTROL/SHIFT <hold down> u2030 <release>
CONTROL/SHIFT <hold down> u0152 <release>
CONTROL/SHIFT <hold down> u017d <release>
CONTROL/SHIFT <hold down> u00a3 <release>
CONTROL/SHIFT <hold down> u00a7 <release>
Surprise, surprise - I tested this - and it works to display
the test string in gedit.
Masochists take note!
A further event led me to doubt what I have written and it took
a while for me to work out what had happened for the given
combination CONTROL/SHIFT <hold down> U00a3
<release> started to give me the colon - : - symbol. I was
rather annoyed and puzzled - and my root password stopped
working - but eventually it dawned on me that I had developed
the habit of inverting the last two digits of the unicode
sequence and had started to type CONTROL/SHIFT <hold down>
U003a <release> instead of CONTROL/SHIFT <hold down>
Another instance of human error! - and a warning about the
unforgiving nature of this technique!
Users of this process are advised to proceed with caution. It
would be wise to test thoroughly on your own specific system
before committing yourself. (Interesting choice of word that -
commit!) A user should make sure that they know which symbols
are in fact being entered and test the whole exercise by
creating a dummy user before relying on the procedure.
It is possible of course to enter a symbol combination which is
only thought to be known. Such a symbol sequence can also be
reproducible but at the same time it may be different from what
the user thinks is being entered. I tested the actual symbols
being encoded by typing the sequence in gedit so that I could
see that the sequence I thought I was entering was in fact what
was entered on my system.
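
The check described above can also be done without relying on how an editor renders the glyphs. The following is an added example, not part of the original article: it decodes the five sequences listed earlier, names each resulting character, and flags a position where the last two hex digits were transposed. The function names and the constructed slip are assumptions made for illustration.

```python
import unicodedata

# The five sequences listed in the article, as typed after Ctrl+Shift+u.
PAGE_CODES = ["u2030", "u0152", "u017d", "u00a3", "u00a7"]

def decode(code):
    """Character produced by one hex sequence (case-insensitive, optional leading u)."""
    return chr(int(code.lower().lstrip("u"), 16))

def describe(codes):
    """(code, character, Unicode name) for each sequence, so symbols are identified by name."""
    return [(c, decode(c), unicodedata.name(decode(c), "UNNAMED")) for c in codes]

def swapped_last_two(code):
    """Same sequence with its last two hex digits transposed (the slip the article reports)."""
    d = code.lower().lstrip("u")
    return "u" + d[:-2] + d[-1] + d[-2] if len(d) >= 2 else code

def check(intended, codes):
    """Compare the password the user believes was set with what the typed codes produce.

    Returns a list of findings; an empty list means every position matches.
    """
    findings = []
    if len(intended) != len(codes):
        findings.append(f"length: {len(intended)} intended characters, {len(codes)} sequences")
    for pos, (want, code) in enumerate(zip(intended, codes), start=1):
        got = decode(code)
        if got == want:
            continue
        msg = f"position {pos}: {code} gives {got!r} ({unicodedata.name(got, 'UNNAMED')}), wanted {want!r}"
        if decode(swapped_last_two(code)) == want:
            msg += f"; last two digits transposed, expected {swapped_last_two(code)}"
        findings.append(msg)
    return findings

if __name__ == "__main__":
    for code, char, name in describe(PAGE_CODES):
        print(f"{code}  {char}  {name}")
    intended = "".join(decode(c) for c in PAGE_CODES)
    # Constructed slip: position 4 typed as 003a instead of 00a3.
    slip = PAGE_CODES[:3] + ["u003a"] + PAGE_CODES[4:]
    for finding in check(intended, slip):
        print(finding)
```

Run it with the sequences for a dummy account's password rather than a live one, since anything written into the script is stored in clear text.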
I would expect the technique to be applicable in a wide variety
of Linux and UNIX based systems. I have used it only under Linux
Mint 13 Cinnamon.
Feedback on the applicability of the technique to: Mac OS X,
Ubuntu and other Linux variants might be an interesting exercise
if anyone doing their own experimentation is interested in
Article copyright ©2012 by Puddledud. First posted on
August 12, 2012 on cappels.org