GNOME Bugzilla – Bug 678287
Hotspot should default to WPA or WPA2 encryption
Last modified: 2014-09-02 14:11:56 UTC
The original bug is from https://bugzilla.novell.com/show_bug.cgi?id=766789 When creating an Ad-Hoc Network (Hotspot) in gnome-shell, it'll call 'gnome-control-center network', the encryption and the key are created automatically. But an automatism which only works *selectively* (in this case, for WEP) is a usability problem: it raises user expectations which are not fulfilled in the end. If we have an automatism for setting an encryption method and generating a key, it should work as follows: automatically detect the abilities of the network card and then use the best possible encryption. Or (if that is not possible), IMHO it's better to avoid the automatism completely and to prompt the user in the first place which encryption and key to use. Setting WEP automatically (no matter if a more secure encryption method like WPA would work, too) even leads to a false feeling of security on the user's side (since WEP is weak and rather unsecured). But if the system already selected an encryption, unexperienced users would normally trust the system's choice and not change it. Steps to reproduce: 1. Click the NM icon and select Network Settings > Wireless. 2. Click "Use as Hotspot" and confirm the pop-up, then enter the root password. Almost immediately, the following information is shown in the Network Settings dialog: * Security (WEP) * Network Mame (machine's hostname) and * an (automatically generated) security key You can change the automatically set options by clicking "Options" next to the "Hotspot" button and entering the root password to continue.
Choosing WEP encryption by default is bad, but this is what's selected by NM when I setup a hotspot (even though my network card doesn't support ad-hoc or hotspot functionality, see bug 675317).
The problem is that there are kernel/wpa_supplicant (configuration) problems with WPA for IBSS. WPA1 for IBSS is broken in kernel/drivers and open network is created instead of the protected one, which is really bad. WPA2/RSN for IBSS is not supported by many drivers and may not be enabled in wpa_supplicant. Thus, NetworkManager currently defaults to WEP. You can read more about the problems in these reports: rh #818214 - kernel is not able to create ad-hoc wifi (hotspot) with WPA https://bugzilla.redhat.com/show_bug.cgi?id=818214 rh #787733 - hide WPA ad-hoc network creation as it is not working https://bugzilla.redhat.com/show_bug.cgi?id=787733 rh #885903 - [enh] support WPA2 Ad-Hoc hotspots (RSN-IBSS) https://bugzilla.redhat.com/show_bug.cgi?id=885903 lp #905748 - Create WPA2 adhoc is Open, not encrypted https://bugs.launchpad.net/bugs/905748 wifi: disable Ad-Hoc WPA connections (lp:905748) http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
(In reply to comment #2) > The problem is that there are kernel/wpa_supplicant (configuration) problems > with WPA for IBSS. > > WPA1 for IBSS is broken in kernel/drivers and open network is created instead > of the protected one, which is really bad. > WPA2/RSN for IBSS is not supported by many drivers and may not be enabled in > wpa_supplicant. > Thus, NetworkManager currently defaults to WEP. > > You can read more about the problems in these reports: > rh #818214 - kernel is not able to create ad-hoc wifi (hotspot) with WPA > https://bugzilla.redhat.com/show_bug.cgi?id=818214 > > rh #787733 - hide WPA ad-hoc network creation as it is not working > https://bugzilla.redhat.com/show_bug.cgi?id=787733 > > rh #885903 - [enh] support WPA2 Ad-Hoc hotspots (RSN-IBSS) > https://bugzilla.redhat.com/show_bug.cgi?id=885903 > > lp #905748 - Create WPA2 adhoc is Open, not encrypted > https://bugs.launchpad.net/bugs/905748 > > wifi: disable Ad-Hoc WPA connections (lp:905748) > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39 Jiri, Thanks for your explanation. :)
Bug 719852 was filed with a patch, and merged for GNOME 3.14. Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find. *** This bug has been marked as a duplicate of bug 719852 ***