Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mesh password #27

Closed
dismantl opened this issue Aug 20, 2013 · 4 comments
Closed

Mesh password #27

dismantl opened this issue Aug 20, 2013 · 4 comments
Labels
0 - Backlog enhancement Usability
Milestone
11-2013

Comments

@dismantl
Copy link
Contributor

I don't think we should have the mesh password field on the quick start. Andrew mentioned that it would encourage weak passwords, since the password would have to be shared and manually entered into every mesh node that is set up, and I would agree with that reasoning.

I think a better approach would be, instead of having the user change default values on the quickstart, there should be another notification for the admin after quickstart that the node is using default values and should change them. These values should be changed manually on one node, then shared with the others strictly through exported profile files. The profile file would include, among other settings, the mesh password and the serval keyring used for olsrd-mdp. We could even have the node randomly generate a strong mesh password (though the PRNG on the routers is of dubioius entropy).
@ghost ghost assigned jheretic Aug 20, 2013
@westbywest
Copy link

I fully understand that providing a field where users could enter "password" as their password value will invariably lead to instances where users do actually enter "password," regardless of any bolded warning text on the form, or even javascript nags. That is just human nature.

However, not providing this field at all does still ultimately limit the UI, perhaps needlessly. Image you're needing to flash a new node to participate in an existing mesh (which has an existing, secure mesh password). Being able to paste that password into the new node's quick start form would make this task very easy.

Suggested alternative: provide a form input for the mesh/adhoc password, but have it pre-populated with a reasonably long string of random chars, up to 63chars long. This string doesn't have to be (pseudo) randomly generated; since you would still like for a collection of newly flashed nodes to still mesh together right away. Put a brief description under the field explaining the password's purpose, including that only the nodes need to know this password internally. No human should need to use the mesh password (besides during initial quick start).

@critzo
Copy link
Contributor

critzo commented Sep 3, 2013

There seems to be at least some use cases for the mesh password being in Quickstart. There are basic password checking rules in place now, and I believe plans for stronger rules for all passwords in Commotion.

At the very least, the explanatory text for the Mesh Password field needs to be clearer, and I think the field should be placed below the node name and admin password.

@areynold
Copy link
Contributor

areynold commented Oct 3, 2013

I propose we add this question to the upcoming UI review for version 1.0

@ghost ghost assigned critzo and dismantl Oct 11, 2013
@seamustuohy
Copy link
Owner

UI/UX review has reviewed and decided upon R1 quickstart contents.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 - Backlog enhancement Usability
Projects
None yet
Milestone
11-2013
Development

No branches or pull requests
6 participants
@areynold @westbywest @seamustuohy @jheretic @dismantl @critzo