On 09/12/10 11:58, Stuart Henderson wrote:
> On 2010/09/12 19:28, Damien Miller wrote:
>> On Sun, 12 Sep 2010, Alexander Hall wrote:
>>
>>> For upcoming changes to the installer.
>>>
>>> PRE: # ifconfig wpi0 nwid mynet wpa wpapsk `wpa-psk mynet "my secret
>>> passphrase"`
>>>
>>> POST: # ifconfig wpi0 nwid mynet wpa wpapsk "my secret passphrase"
>>>
>>>
>>> A few conflicts arise:
>>>
>>> 1. You cannot have a passphrase starting with "0x"
>>> 2. You cannot, as in -current, enter a 32-char string as the key (for
>>> those of you even aware of that possibility, I sure wasn't :)
>>
>> Are you saying it won't be possible to use a pre-generated wpa-psk key?
>> (i.e. the output of wpa-psk(8)) If not then this might break existing
>> configs.
>
> No, that is still ok. What doesn't work with this diff is a _passphrase_
> rather than a key starting 0x. (Though you can still do this if you use the
> wpa-psk tool to generate it..)

Yes.

>>> 3. An nwid is required prior to supplying a passphrase to wpapsk.
>>> 4. If the nwid is changed afterwards, the passphrase is not adjusted.
>>>
>>> 1 and 2) These can be taken care of by breaking this out into a new
>>> "wpapass" option or so, if seen as real problems.
>>
>> I think that is a good idea.
>>
>>> 3 and 4) I don't see these as real problems.
>>
>> IMO it would be a good idea to warn for these cases.

The diff makes ifconfig bail out if no nwid can be determined, since it
needs one to do the hashing.

> I agree. I think it might also make sense to clear wpapsk if the nwid
> is changed to a different value as the key can't possibly be correct
> as-is, and doing this makes it marginally easier if you move from a WPA
> network to an open network (no more need to "ifconfig ral0 -wpapsk").

I was thinking about that, but reckoned you don't really _have_ to use a
key hashed from the nwid, do you? Also, one might want to set the psk
before the nwid (for any reason). I don't think leaving the psk behind
could hurt much.

/Alexander
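Added example, not part of the thread or of the ifconfig diff: a Python model of the POST argument handling discussed above, showing why conflicts 1, 3 and 4 follow from hashing the passphrase with the nwid. The function names are hypothetical; the PBKDF2-HMAC-SHA1 parameters (4096 iterations, 32-byte output, nwid as salt) and the 8..63 character limit are the IEEE 802.11i passphrase-to-PSK mapping, assumed here to be what the hashing step computes.

```python
import hashlib
from typing import Optional


def derive_psk(passphrase: str, nwid: str) -> bytes:
    """IEEE 802.11i passphrase-to-PSK mapping: the nwid (SSID) is the salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), nwid.encode(), 4096, 32)


def parse_wpapsk(arg: str, nwid: Optional[str]) -> bytes:
    """Hypothetical model of the POST behaviour; not the ifconfig code."""
    if arg.startswith("0x"):
        # Conflict 1: anything starting with 0x is read as a ready-made key,
        # so a passphrase with that prefix can never reach the hashing path.
        try:
            key = bytes.fromhex(arg[2:])
        except ValueError:
            raise ValueError("0x argument is not a hex key") from None
        if len(key) != 32:
            raise ValueError("hex key must be 32 bytes")
        return key
    if not nwid:
        # Conflict 3: no salt available, so bail out instead of guessing.
        raise ValueError("an nwid is required to hash a passphrase")
    return derive_psk(arg, nwid)


if __name__ == "__main__":
    # Constructed sample values, taken from the PRE/POST commands in the thread.
    psk = parse_wpapsk("my secret passphrase", "mynet")
    print("0x" + psk.hex())
    # A pre-generated key still works and needs no nwid.
    assert parse_wpapsk("0x" + psk.hex(), None) == psk
    # Conflict 4: the same passphrase under another nwid is a different key,
    # so a psk left behind after an nwid change no longer matches.
    assert parse_wpapsk("my secret passphrase", "othernet") != psk
```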
