nm-tray icon indicating copy to clipboard operation
nm-tray copied to clipboard
verified publisher icon palinek

password length oustide IEEE standard is accepted, silently fails

Open wxl opened this issue 6 years ago • 1 comments

The IEEE standard for WPA2 in H.4 Suggested pass-phrase-to-PSK mapping (which includes a discussion of security considerations) says:

A pass-phrase is a sequence of between 8 and 63 ASCII-encoded characters. The limit of 63 comes from the desire to distinguish between a pass-phrase and a PSK displayed as 64 hexadecimal characters.

However, nm-tray will accept a password outside of these limits. Other utilities simply will not proceed. This makes a lot more sense because otherwise it seems to silently fail.

Expected Behavior

If a password outside of the stated limits is given, nm-tray does not allow proceeding.

Current Behavior

nm-tray will accept a password of any length and silently fail.

Possible Solution

The code should check the length of the password and keep the OK button greyed out unless it meets the criteria.

Steps to Reproduce (for bugs)
  1. Connect to a new WPA2 access point.
  2. When asked for the password, enter in the correct password and click ok or hit enter.
  3. The icon changes to grey with three white horizontally-aligned dots on top of it, and then a "connection established" notification is raised.
  4. Delete the new WPA2 access point connection.
  5. Connect to a new WPA2 access point.
  6. When asked for the password, enter the wrong password, but of a length between 8 and 63 characters and click ok or hit enter.
  7. The icon changes to grey with three white horizontally-aligned dots on top of it, and then a "connection lost" notification is raised.
  8. Delete the new WPA2 access point connection.
  9. Connect to a new WPA2 access point and click ok or hit enter.
  10. When asked for the password, enter one smaller than 8 or larger than 63 characters.
  11. The icon does not change and no notification is raised.
Context

Other nm front ends do not allow proceeding until the appropriate character length is met.

System Information
  • Distribution & Version: Lubuntu 20.04
  • Kernel Version: 5.4.0-9.12
  • Qt Version: 5.12.5+dfsg-8build1
  • Network-Manager Version: 1.22.8-1ubuntu1
  • nm-tray Version: 0.4.3
  • Package version: 0.4.3-0ubuntu2

wxl avatar Mar 04 '20 21:03 wxl

The whole "enter password dialog" is just quick dirty hack to allow connect to unknown wifi quickly... It is in the same category as the needed native connection editor...

palinek avatar Mar 14 '20 07:03 palinek