One Hundred Paper Cuts -- the first ten

Didier Roche didrocks at ubuntu.com
Fri Jun 19 16:31:56 BST 2009


On Fri, Jun 19, 2009 at 5:08 PM, David Siegel<david.siegel at canonical.com> wrote:
> Scott James Remnant wrote:
>> On Fri, 2009-06-19 at 08:58 -0500, David Siegel wrote:
>>
>>
>>>>> Wifi auto-connection asks for keyring password
>>>>>     https://bugs.edge.launchpad.net/hundredpapercuts/+bug/388593
>>>>>
>>>>>
>>>> This issue is pretty hard to get right, and thus I think it really
>>>> disqualifies as a paper cut. I commented on the bug and subscribed
>>>> Alex and Seb for further input. Your input from design POV heavily
>>>> appreciated as well.
>>>>
>>>>
>>> I feared that this one in particular would be too difficult to fix
>>> completely, but what about ensuring that the password prompt has a "save
>>> password for future use" checkbox, so the password only has to be
>>> entered once per encrypted wifi network?
>>>
>>>
>> Ah, a misunderstanding.
>>
>> This is exactly what already happens, Network Manager saves the network
>> passphrase for future use.
>>
>> The problem is that the keyring *into which* it saves that password is
>> encrypted with your login password as a key.
>>
>> If you use auto-login, your *keyring* is not yet open.
>>
>> The passphrase you have to enter is not the network passphrase, it is
>> your login password - needed to decrypt your keyring.
>>
>>
>> Otherwise all the saved passwords and passphrases would be trivially
>> readable :-(
>>
>> Scott
>>
> Yes, I understand, sorry I wasn't thinking it through.
>
> So what about Windows and Mac OS users who auto-login and are not
> required to unlock their keyrings before joining their wifi networks?
> Surely Mac OS stores encrypted wifi network passwords in a keychain
> rather than in plain text, getting users on the network at login with
> zero hassle. I know we've left paper cut land, but I'm just curious
> about whether this is fixable, and, if it is fixable, what it would take
> to fix it. This behavior has been reported 4 or 5 times within
> hundredpapercuts.


This has already been discussed a couple of months ago in this thread
(even if it was UNR related):
https://lists.ubuntu.com/archives/ubuntu-devel/2009-March/027835.html

In a nutshell, no keyring is not a solution.
Didier



More information about the ubuntu-devel mailing list