Re: Invalid bug report previously, raises usability question.

[Dan Williams <dcbw redhat com>]

On Sat, 2008-04-19 at 23:56 +0000, Stefán Freyr Stefánsson wrote:
> Hi again.
> 
> It seems that my previous bug report was invalid. I have already closed the 
> bug and added a comment explaining it.
> 
> I had missed one combination when trying to connect to the wireless network, 
> namely selecting "Open System" and "WEP Passphrase". Using that combination 
> brought up the wireless network without a hitch.
> 
> But this mess of mine raises a question of why the UI has to be this 
> complicated (I know, I know... most of you are probably thinking that it 
> isn't and you're probably right... but let's say for arguments sake that I'm 
> the typical idio... I mean user). Maybe it really is necessary, I am not 
> anywhere close to being any sort of an expert on wireless networks (as is 
> clearly evident from my screwup before).
> 
> But just bear with me here (and this may be a discussion that has already come 
> up and been settled, apologies if that's the case).
> 
> 1) Why does a user have to select between HEX and ASCII? It isn't difficult at 
> all to take the string that is entered, check how many characters it has and 
> whether there are any non-hex characters and tell from that what kind it is.

It's possible to detect HEX vs. ASCII, yes.  ASCII is either 5 or 13
ASCII characters, while hex is either 10 or 26 hex characters.

> 2) Passphrase may be a little more difficult to "autodetect"... I'm not quite 
> sure how exactly that works anyways so I shouldn't really say anything here. 
> Is there anyone who sees a way of eliminating that choice as well? Of course, 
> one way would be to say that if it's not an ASCII or a HEX key, then it 
> probably is a passphrase, and if it looks like an ASCII or HEX key but 
> doesn't work as such, then try it as a passphrase? I don't know... just an 
> idea.

Passphrases are up to 64 characters of any type.  This is the big
problem, because valid hex & ASCII keys are also valid passphrases.  And
I've personally seen quite a few cases where what _looks_ like a HEX key
is actually a passphrase.

WPA fixes this issue by specifying that hex keys are 64 characters long,
while passphrases are between 8 and 63 characters, so you can tell by
length alone here.  You just can't do this with WEP.

It's interesting to note that Mac OS X requires the user to choose
between WEP Passphrase and WEP hex/ASCII separately.  

> 3) Open System vs. Shared Key? I have no idea what the difference between the 
> two is!? Is there no way to autodetect this? Would a brute-force way (trying 
> one and then the other) be possible here?

Unfortunately, you have to know.  Since WEP does not put any info about
encryption into beacons, we can't autodetect this.  And also due to the
way WEP works (and the linux driver stack), you usually can't easily
detect whether the AP has rejected your association request because of
the wrong auth method.

Dan