Re: Invalid bug report previously, raises usability question.

[Ryan Novosielski <novosirj umdnj edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan Williams wrote:
> On Sat, 2008-04-19 at 23:56 +0000, Stefán Freyr Stefánsson wrote:
>> Hi again.
>>
>> It seems that my previous bug report was invalid. I have already closed the 
>> bug and added a comment explaining it.
>>
>> I had missed one combination when trying to connect to the wireless network, 
>> namely selecting "Open System" and "WEP Passphrase". Using that combination 
>> brought up the wireless network without a hitch.
>>
>> But this mess of mine raises a question of why the UI has to be this 
>> complicated (I know, I know... most of you are probably thinking that it 
>> isn't and you're probably right... but let's say for arguments sake that I'm 
>> the typical idio... I mean user). Maybe it really is necessary, I am not 
>> anywhere close to being any sort of an expert on wireless networks (as is 
>> clearly evident from my screwup before).
>>
>> But just bear with me here (and this may be a discussion that has already come 
>> up and been settled, apologies if that's the case).
>>
>> 1) Why does a user have to select between HEX and ASCII? It isn't difficult at 
>> all to take the string that is entered, check how many characters it has and 
>> whether there are any non-hex characters and tell from that what kind it is.
> 
> It's possible to detect HEX vs. ASCII, yes.  ASCII is either 5 or 13
> ASCII characters, while hex is either 10 or 26 hex characters.
> 
>> 2) Passphrase may be a little more difficult to "autodetect"... I'm not quite 
>> sure how exactly that works anyways so I shouldn't really say anything here. 
>> Is there anyone who sees a way of eliminating that choice as well? Of course, 
>> one way would be to say that if it's not an ASCII or a HEX key, then it 
>> probably is a passphrase, and if it looks like an ASCII or HEX key but 
>> doesn't work as such, then try it as a passphrase? I don't know... just an 
>> idea.
> 
> Passphrases are up to 64 characters of any type.  This is the big
> problem, because valid hex & ASCII keys are also valid passphrases.  And
> I've personally seen quite a few cases where what _looks_ like a HEX key
> is actually a passphrase.

I guess you COULD tell though that something that is the wrong length
cannot be a hex or ASCII key. That would be a help, I would think.

> WPA fixes this issue by specifying that hex keys are 64 characters long,
> while passphrases are between 8 and 63 characters, so you can tell by
> length alone here.  You just can't do this with WEP.
> 
> It's interesting to note that Mac OS X requires the user to choose
> between WEP Passphrase and WEP hex/ASCII separately.  
> 
>> 3) Open System vs. Shared Key? I have no idea what the difference between the 
>> two is!? Is there no way to autodetect this? Would a brute-force way (trying 
>> one and then the other) be possible here?
> 
> Unfortunately, you have to know.  Since WEP does not put any info about
> encryption into beacons, we can't autodetect this.  And also due to the
> way WEP works (and the linux driver stack), you usually can't easily
> detect whether the AP has rejected your association request because of
> the wrong auth method.

It has never seemed to make any differences what I select on this one.
I'd have to mess with my settings to see, but I'm actually not even sure
how to get the answer to that out of my [Linux 2.4] AP machine. Seems to
"just work" on my client machine anyhow.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj umdnj edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIH+wcmb+gadEcsb4RAmKvAJ9ULqcTQgnr8fRviPVaw55h5fZaYQCfZ5nX
ym2OtzzepaStpkRieNyYQ7U=
=cf/k
-----END PGP SIGNATURE-----

begin:vcard
fn:Ryan Novosielski
n:Novosielski;Ryan
org:UMDNJ;IST/AST
adr;dom:MSB C630;;185 South Orange Avenue;Newark;NJ;07103
email;internet:novosirj umdnj edu
title:Systems Programmer II
tel;work:(973) 972-0922
tel;fax:(973) 972-7412
tel;pager:(866) 20-UMDNJ
x-mozilla-html:FALSE
version:2.1
end:vcard