#948 HIGH Trial-3: NM: key only allows hex entry
Zarro Boogs per Child
bugtracker at laptop.org
Mon Sep 24 06:13:41 EDT 2007
#948: NM: key only allows hex entry
---------------------+------------------------------------------------------
Reporter: bert | Owner: tomeu
Type: defect | Status: new
Priority: high | Milestone: Trial-3
Component: sugar | Version:
Resolution: | Keywords:
Verified: 0 |
---------------------+------------------------------------------------------
Changes (by tomeu):
* owner: dcbw => tomeu
Comment:
Sep 21 23:00:21 <dcbw> tomeu: sure; WEP is an md5-based hash algorithm,
WPA is sha1 based. but I don't think you can just md5/sha1 the data
straight
Sep 21 23:00:53 <tomeu> dcbw: I cannot feed the s:<ascii> string directly
to NM?
Sep 21 23:00:59 <dcbw> tomeu: no
Sep 21 23:01:04 <dcbw> tomeu: hashing is done client-side, not NM side
Sep 21 23:01:09 <dcbw> tomeu: I have no idea what bert's talking about
Sep 21 23:01:34 <dcbw> tomeu: I think he's talking about ASCII
passphrases which nobody actually uses anymore
Sep 21 23:01:36 <tomeu> dcbw: gnome's nm applet allows entering an ascii
passphrase
Sep 21 23:01:41 <tomeu> dcbw: well...
Sep 21 23:01:46 <tomeu> dcbw: I use...
Sep 21 23:01:48 <dcbw> tomeu: yes, and converts it internally to a hex
key, which gets sent to NM
Sep 21 23:01:55 <tomeu> that's why I want to do it
Sep 21 23:02:04 <dcbw> tomeu: NM does not do passphrase hashing, the
client (in this case sugar) does the hashing
Sep 21 23:03:55 <tomeu> dcbw: ok, will look at it
Sep 21 23:08:18 <dcbw> tomeu: it's not horrible for WEP at least:
http://svn.gnome.org/viewcvs/NetworkManager/branches/NETWORKMANAGER_0_6_0_RELEASE/libnm-util/cipher-wep-passphrase.c?view=markup
Sep 21 23:08:28 <dcbw> tomeu: you care about
cipher_wep_passphrase_hash_func()
Sep 21 23:08:44 <tomeu> wow, great, dan!
Sep 21 23:08:52 <dcbw> tomeu: which repeats the data over 64-bytes, and
then hashes it with md5
Sep 21 23:08:57 <dcbw> tomeu: so wep is easy
Sep 21 23:09:57 <dcbw> tomeu: WPA is harder; for wpa, look at
http://svn.gnome.org/viewcvs/NetworkManager/branches/NETWORKMANAGER_0_6_0_RELEASE/libnm-util/sha1.c?view=markup
and you care about pbkdf2_sha1()
Sep 21 23:11:22 <tomeu> dcbw: regarding the UI, should we try to
autodetect the format the key has been entered, or just add a checkbox to
the dialog?
Sep 21 23:11:49 <tomeu> dcbw: we have also the possibility of expecting
passphrases to be prefixed by s:
Sep 21 23:12:15 <dcbw> tomeu: it is impossible to autodetect WEP
passphrase types
Sep 21 23:12:16 <tomeu> dcbw: I guess we don't need to bother eben about
it, as it's not part of the main user experience
Sep 21 23:12:26 <dcbw> tomeu: so for that, my suggestion is to turn
things around
Sep 21 23:12:49 <dcbw> tomeu: require $:<hex key> for hex, default WEP is
md5 passphrase, and ":<ascii passphrase> for ascii passphrase
Sep 21 23:13:48 <tomeu> dcbw: same thing for wpa?
Sep 21 23:14:10 <dcbw> tomeu: right, default to passphrase and must enter
$:<key> for hex
Sep 21 23:14:17 <dcbw> tomeu: except that WPA makes it easy
Sep 21 23:14:25 <dcbw> tomeu: because the hex key _must_ be 64-bytes
Sep 21 23:14:37 <dcbw> tomeu: but WPA passphrase can only be from 8 - 63
bytes, so length works there
Sep 21 23:14:49 <dcbw> tomeu: technically we wouldn't need any hints for
WPA
Sep 21 23:15:03 <dcbw> tomeu: not sure if we want to keep the prefix if
just for consistency
Sep 21 23:15:22 <tomeu> yeah, perhaps would be better
Sep 21 23:15:42 <dcbw> tomeu: actually, let's just drop prefix for WPA and
only use it for WEP
Sep 21 23:15:57 <dcbw> tomeu: it's easier to convert to prefix later than
it is to change from prefix->key
--
Ticket URL: <https://dev.laptop.org/ticket/948#comment:4>
One Laptop Per Child <https://dev.laptop.org>
OLPC bug tracking system