833614 - [tethering] WPA minimum password length should be enforced in wi-fi tethering settings

Status: RESOLVED DUPLICATE of bug 818829

(Firefox OS Graveyard :: Gaia::System, defect)

Description

[Matthew N. [:MattN]]

STR:
1) Go to Settings > Internet Sharing
2) Turn off Wi-fi hotspot if it is on
3) Tap "Hotspot settings" button
4) Choose Security: WPA2 (AES) or WPA (WKIP)
5) Set password to a value with less than 8 characters
6) Tap OK
7) Turn Wi-Fi hotspot on
8) Try to connect to the hotspot from another device (Device B) which enforces a 8 character minimum ASCII password length for WPA/WPA2 (e.g. OS X 10.7).

Actual result:
Device B will not accept a password less than 8 ASCII characters. User is confused because they typed the password which matches the one shown in Gaia. User thinks the tethering feature is broken.

Expected result:
Wi-fi hotspot settings should be validated in step 6 when OK is pressed (and while typing the password if the security field is moved to the top of the settings).  A password shorter than 8 ASCII characters should not be accepted when WPA/WPA2 is security is selected.
The hotspot settings should also be validated when the wi-fi hotspot is turned on in case the existing password is too short. Taking the user to the hotspot settings page with the validation error would probably be suitable. The password requirements should probably be enforced in wi-fi code.

There is some discussion about where the 8 comes from at http://serverfault.com/a/165102
"…the IEEE standard states in H.4 Suggested pass-phrase-to-PSK mapping (which includes a discussion of security considerations):

    A pass-phrase is a sequence of between 8 and 63 ASCII-encoded characters. 
    The limit of 63 comes from the desire to distinguish between a pass-phrase 
    and a PSK displayed as 64 hexadecimal characters."

I don't know how widespread the client enforcement of this password length is.

Comment 2

[Andrew Overholt [:overholt]]

Vincent, this bug is important for a partner.  Can you or someone else fit it into your existing queue?

Comment 3

[Vincent Chang[:vchang][changyihsin]]

According to STR step 5, Set password to a value with less than 8 characters
We should limit the password length in gaia.  Evelyn, can you help to take this ?

Comment 4

[Evelyn Hung]

Redirect this to Arthur, because I'm working on other issues.

Comment 5

[Daniel Coloma:dcoloma]

qawanted to check if this issue can be reproduced in v1.0.1, if so, we should block on it.

Comment 6

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

This reproduces on v1.0.1
Gecko  http://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/bc2b669a4e27
Gaia   1a6e1cd7715a5192b32db4b7127c5ae5b8162a7a
BuildID 20130311230203
Version 18.0

WPA and WPA/2 have min password lengths.  Doing these does not meet that requirement.

Comment 7

[Alex Keybl [:akeybl]]

(In reply to Naoki Hirata :nhirata from comment #6)
> This reproduces on v1.0.1
> Gecko  http://hg.mozilla.org/releases/mozilla-b2g18_v1_0_1/rev/bc2b669a4e27
> Gaia   1a6e1cd7715a5192b32db4b7127c5ae5b8162a7a
> BuildID 20130311230203
> Version 18.0
> 
> WPA and WPA/2 have min password lengths.  Doing these does not meet that
> requirement.

What OS was this verified on - every device is impacted? Can we make #8 of the above STR more explicit?

Comment 8

[Arthur Chen [:arthurcc][inactive after 6/30]]

This bug has been fixed in master with the patch of bug 818829. https://github.com/mozilla-b2g/gaia/commit/22f5874ffefdcfcfeb6217ed0be83da80352858e

Suggest to uplift this patch to corresponding branches.

Comment 9

[Tim Guan-tin Chien [:timdream] (please needinfo)]

Mark as dup of 818829 and correct the flags. We should uplift the fix there.