One Hundred Paper Cuts -- the first ten

Didier Roche didrocks at
Fri Jun 19 16:31:56 BST 2009

On Fri, Jun 19, 2009 at 5:08 PM, David Siegel<david.siegel at> wrote:
> Scott James Remnant wrote:
>> On Fri, 2009-06-19 at 08:58 -0500, David Siegel wrote:
>>>>> Wifi auto-connection asks for keyring password
>>>> This issue is pretty hard to get right, and thus I think it really
>>>> disqualifies as a paper cut. I commented on the bug and subscribed
>>>> Alex and Seb for further input. Your input from design POV heavily
>>>> appreciated as well.
>>> I feared that this one in particular would be too difficult to fix
>>> completely, but what about ensuring that the password prompt has a "save
>>> password for future use" checkbox, so the password only has to be
>>> entered once per encrypted wifi network?
>> Ah, a misunderstanding.
>> This is exactly what already happens, Network Manager saves the network
>> passphrase for future use.
>> The problem is that the keyring *into which* it saves that password is
>> encrypted with your login password as a key.
>> If you use auto-login, your *keyring* is not yet open.
>> The passphrase you have to enter is not the network passphrase, it is
>> your login password - needed to decrypt your keyring.
>> Otherwise all the saved passwords and passphrases would be trivially
>> readable :-(
>> Scott
> Yes, I understand, sorry I wasn't thinking it through.
> So what about Windows and Mac OS users who auto-login and are not
> required to unlock their keyrings before joining their wifi networks?
> Surely Mac OS stores encrypted wifi network passwords in a keychain
> rather than in plain text, getting users on the network at login with
> zero hassle. I know we've left paper cut land, but I'm just curious
> about whether this is fixable, and, if it is fixable, what it would take
> to fix it. This behavior has been reported 4 or 5 times within
> hundredpapercuts.

This has already been discussed a couple of months ago in this thread
(even if it was UNR related):

In a nutshell, no keyring is not a solution.

More information about the ubuntu-devel mailing list