[Commotion-dev] Thoughts about more robust key management for Commotion

Ben West ben at gowasabi.net
Tue Aug 13 19:36:22 UTC 2013


Hi All,

This post is in follow-up to these recent PRs, and it is intended to be
brain-stormy, rather than direct advice for any particular implementation.

https://github.com/opentechinstitute/commotion-quick-start/pull/26
https://github.com/opentechinstitute/key-management-api/pull/1

While it is definitely good to have the QS UI encourage users to select an
adhoc password, the WPA encryption supports keys up to 63 chars (or 64?) in
length.

For WasabiNet, I use the pwgen command line tool to generate strings with
lots of entropy specifically to reduce vulnerability to dictionary or
brute force attacks.  This vulnerability would be especially critical for
the adhoc net, as all nodes share that key.

What are thoughts about having Quickstart itself recommend adhoc/mesh keys
with optimal entropy?  I.e. perhaps have that field pre-filled with a
maximum entropy key that the user could copy/paste?  Maybe also have a
'regenerate' button next to the field to generate new keys as needed?

If you are already anticipating the case where a single individual (or
group of individuals working together) will flash and configure all nodes
in a single mesh, then they should be able to manage doing the
copy-pasta to have all nodes set with the same 63-char mesh key.

-- 
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
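
Added example, not part of the original message and not Commotion or Quickstart code: a sketch of the "pre-filled key plus regenerate button" idea above, using Python's `secrets` module in place of pwgen. The function names are hypothetical. It assumes the WPA/WPA2-PSK convention that a passphrase is 8 to 63 printable ASCII characters, while a 64-character value is a raw 256-bit key written in hex.

```python
import math
import secrets
import string

# Assumption: WPA/WPA2-PSK passphrases are 8..63 printable ASCII characters;
# a 64-character value is only valid as a raw 256-bit key in hex.
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, copy/paste safe
MIN_LEN, MAX_LEN = 8, 63
PSK_BITS = 256  # size of the key the passphrase is stretched into


def generate_mesh_key(length=MAX_LEN, alphabet=ALPHABET):
    """Return a key drawn uniformly from `alphabet` using the OS CSPRNG."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generated_entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly generated key: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def min_length_for_bits(bits=PSK_BITS, alphabet=ALPHABET):
    """Shortest generated key whose entropy reaches `bits`."""
    return math.ceil(bits / math.log2(len(set(alphabet))))


def classify_key(value):
    """Classify a user-entered key the way a UI field validator could."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return "raw-psk-hex"
    if MIN_LEN <= len(value) <= MAX_LEN and all(32 <= ord(c) <= 126 for c in value):
        return "passphrase"
    return "invalid"


if __name__ == "__main__":
    key = generate_mesh_key()  # what a 'regenerate' button would call
    print(key)
    print(f"{generated_entropy_bits(len(key)):.0f} bits generated, "
          f"{min_length_for_bits()} chars already cover the {PSK_BITS}-bit PSK")
    print(classify_key(key))
```

With this 62-symbol alphabet a 63-character key carries about 375 bits, more than the 256-bit key it is stretched into, so the full length costs only copy/paste effort.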