Bug 32491 - WEP wifi encryption key length should not be forced to 8 characters in Network Centre
Status: REOPENED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia tools maintainers
Reported: 2023-11-04 15:19 CET by Pierre Fortin
Modified: 2023-11-15 21:37 CET
Source RPM: network centre

Description Pierre Fortin 2023-11-04 15:19:06 CET
Description of problem: When trying to connect to hotel WiFi, mcc forces minimum encryption key to be 8 characters making it impossible to use hotel WiFi. Last month, the hotel key was only 5 characters. Today, it's 7 characters...


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. mcc, network & internet
2. Wifi
3. enter key which is shorter than 8 characters --
Comment 1 Dave Hodgins 2023-11-04 16:45:14 CET
It's following https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access.
From that site ...
"This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.[22] "

Note 22 has ...
" Each character in the passphrase must have an encoding in the range of 32 to 126 (decimal), inclusive. (IEEE Std. 802.11i-2004, Annex H.4.1)
The space character is included in this range."

Try entering the password including enough trailing spaces to make it 8
characters.

CC: (none) => davidwhodgins

Comment 2 Lewis Smith 2023-11-04 21:08:58 CET
And complain to the hotel about this.

Well researched Dave.

CC: (none) => lewyssmith

Comment 3 Pierre Fortin 2023-11-05 16:22:13 CET
Space is within the valid range; that doesn't mean the AP will accept it as a part of the key. The hotel APs don't let me connect with space padding, so using my phone's hotspot...
Comment 4 Dave Hodgins 2023-11-05 17:49:36 CET
Are they using wep encryption instead of wpa2?
Comment 5 Pierre Fortin 2023-11-07 16:30:06 CET
Possibly, the hotel in St. Louis, MO last month used "travel" and in Dallas, TX this weekend, it was lastname+room number; booked by my colleague: "yost600"...

I zipped through the mcc setup so fast, I didn't notice that detail...
Comment 6 Pierre Fortin 2023-11-07 16:39:34 CET
(In reply to Lewis Smith from comment #2)
> And complain to the hotel about this.

Based on a sample of only two hotels out of the thousands...  that's 100% of samples...  Good luck getting all the country's hotels to change, especially since they likely don't have in-house skills. The Dallas hotel would likely have to get their corporate HQ's IT to make that change.

Then, there's the issue of 'why' they use short keys...  did they already get complaints from clients who couldn't use WPA2...? Other reasons?

I haven't been a Windows user since 1998; but I do help some friends with connectivity on very rare occasions -- I don't recall Windows asking for more than the key; maybe they hide WEP v. WPA2 from the user...?
Comment 7 Dave Hodgins 2023-11-07 18:02:04 CET
wep was deprecated in 2004 https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
It's very easy to crack with commonly available tools.

Most routers less than 5 years old no longer support it, but an older router
or one that hasn't had its firmware kept up-to-date may still support it.
Comment 8 Pierre Fortin 2023-11-07 20:50:27 CET
Agreed; sadly, we are at the mercy of whatever the hotels provide...

Closing as invalid since I didn't get the encryption type; and have no upcoming hotel stays planned.

Resolution: (none) => INVALID
Status: NEW => RESOLVED

Comment 9 Lewis Smith 2023-11-09 21:50:37 CET
On reflection, I think Pierre had a point:
Regardless of WEP|WPA2, if the real world uses WiFi access keys less than 8 characters, I think Mageia should allow that. It is always awkward when people say that other systems cope, ours does not. Unsure whether this can only happen with WEP, in which case that should be considered.

I have re-opened this (so we can see it easily) for comment about this point. Not going to make a stand about it, but it looks a reasonable request which looks easy to implement. If people think it is not worth the change, close it again.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

Comment 10 sturmvogel 2023-11-09 22:18:52 CET
Mageia should NOT/NEVER lower the security standards only because a hotel IT guy slept for the last 20 years. 

MCC follows the WPA2/WPA3 standard which requires a password between 8 and 63 characters. Also networkmanager enforces this standard (networkmanager is the standard tool in most other linux distributions except Mageia).
Actual recommendations are to use at least 20 characters as anything below is also already easy to hack.

So the question is, why should MCC provide a unsafe and since 20 years deprecated method?
Comment 11 Pierre Fortin 2023-11-10 00:47:12 CET
>So the question is, why should MCC provide a unsafe and since 20 years deprecated method?

This is not asking to "provide a unsafe ... method"; it's asking not to be an enforcer.  We can still buy dangerous items without "safety" features; users' choice...

At least provide a warning or some other clue so the user does not waste time trying to figure out why the hotel WiFi can't be accessed.

The user should have the final choice...  this is akin to deciding that making right turns is more dangerous than left turns in a vehicle; except that the driver still has the choice to make three left turns in order to go right.  Here, there is no alternative without changing vehicles, such as a phone hotspot with a data plan...

There are over 91,000 hotels to potentially convince to convert in USA alone...  
https://familydestinationsguide.com/hotel-statistics-usa-2022/
Comment 12 Dave Hodgins 2023-11-10 14:32:46 CET
If the setting WPA/WPA2 Pre-Shared Key is selected, but the password for
a wep setting is entered, the connection will fail.

Hopefully the person will double check the instructions from the hotel and find
out that Open WEP (or one of the other encryption modes) is supposed to be
selected, or find out that the password is padded with spaces.

It is not a valid password for wpa. If Mageia changes to allow it in mcc then
expect a bug to be opened complaining that mcc shouldn't allow it.

It may (or may not) cause a problem elsewhere in the wifi software that
triggers a message that is even more obscure.

Closing as invalid.

Status: REOPENED => RESOLVED
Resolution: (none) => INVALID

Comment 13 Dave Hodgins 2023-11-10 14:41:29 CET
Note that if you really do want to experiment with an invalid password,
manually edit the wireless network interface config file that mcc generates
/etc/sysconfig/network-scripts/ifcfg-w?????
Comment 14 sturmvogel 2023-11-10 15:49:31 CET
(In reply to Pierre Fortin from comment #11)
> This is not asking to "provide a unsafe ... method"; it's asking not to be
> an enforcer. 
WEP is deprecated since 20 (in words: twenty) years because it is unsafe by design and actively exploited. There is no enforcing! Standards change and technology evolves...


> The user should have the final choice...  
You have the choice. If you really want it, there are ways to remove all security mechanisms from your operating system. But Mageia will never do this for you. The same as no manufacturer will sell you a car without safety belts. It is the responsibility of all manufacturers/developers to provide a safe product/tool for all users/customers.


> There are over 91,000 hotels to potentially convince to convert in USA
> alone...  
> https://familydestinationsguide.com/hotel-statistics-usa-2022/
Nice Article. But where did you read that these 91k hotels use WEP?
Comment 15 Pierre Fortin 2023-11-10 17:51:49 CET
Where did I report or even mention WEP as the issue; the first mention of WEP was as a question in comment 4?  This report is about key length...

Resolution: INVALID => FIXED

Comment 16 Pierre Fortin 2023-11-10 17:52:48 CET
Dave, I just typed my response and did NOT touch the Status...
Comment 17 sturmvogel 2023-11-10 18:13:44 CET
.

Resolution: FIXED => INVALID

Comment 18 sturmvogel 2023-11-10 18:22:24 CET
(In reply to Pierre Fortin from comment #15)
>This report is about key length...

We know. As already mentioned by Dave (backed by some links) and me several times, the different wifi standards require different key lengths.

With the deprecated WEP it was possible to use only 5 char long passwords. Beginning with WPA, 8 to 63 characters are required. WPA was introduced 24 years ago and is nothing surprising or new invention.
Comment 19 Morgan Leijström 2023-11-10 18:45:04 CET
Like cars warn when seat belt is not fastened, I think MCC should warn if key is short (or trivial, if possible), but not hard refuse.

There are cases where seat belt is good to detach, like when manoeuvring in reverse and you have to lean much to see.  Like when there is a hotel IT guy in the way ;)

Some people do not even encrypt their disks. Easy physical theft of data, but MCC allows unencrypted disk.

Hindering communication can often be more dangerous than potential theft. When I travel for work I normally use a laptop with no sensitive data on.

Status: RESOLVED => REOPENED
CC: (none) => fri
Resolution: INVALID => (none)

Comment 20 Lewis Smith 2023-11-13 22:10:07 CET
This is getting out of hand.
I conclude that <8 char keys are only possible with WEP, long deprecated. But if it is still in use, we should cope with it.

Just trying to configure an arbitrary new WiFi connection, not visible, the details screen has a pre-defined 8-char key "darnil21" and the drop-down list of encryptions is (key implications unknown to me):
 Open WEP
 Key before sharing WEP/WAP2
 None
 Restricted WEP
 WPA/WPA2 Enterprise
so the network centre is still very WEP aware. If it knows it is setting up a WEP connection, it should probably allow <8 chars - only for them. (Pierre did not say which option he chose). 

Is this reasonable?
Comment 21 Dave Hodgins 2023-11-13 22:50:14 CET
It's correct as it is. If you tell it to use wep (officially retired WEP in
2004) but still in use where people do not care about security.

In mcc, if open wep is chosen, it allows a password as short as one character.

wpa can not work with short passwords due to the way the actual encryption
key is generated from the password. Allowing them in the configuration will
lead to connections that fail.
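
The length rules quoted in comment 1 and the WPA key derivation referred to in comment 21, as an added example that is not part of the thread and is not mcc's code. The WEP lengths are the standard WEP-40/WEP-104 sizes (an assumption about what an access point expects, not what mcc checks), and the SSID and `diagnose` helper are constructed for illustration.

```python
import hashlib
import string

HEX = set(string.hexdigits)

def printable(s):
    # Range quoted in comment 1: code points 32..126, space included.
    return all(32 <= ord(c) <= 126 for c in s)

def fits_wpa_psk(key):
    # 64 hex digits (raw 256-bit PSK) or an 8..63 character passphrase.
    if len(key) == 64 and set(key) <= HEX:
        return True
    return 8 <= len(key) <= 63 and printable(key)

def fits_wep(key):
    # Assumption: standard WEP-40/WEP-104 lengths, not mcc's own check.
    if len(key) in (10, 26) and set(key) <= HEX:
        return True
    return len(key) in (5, 13) and printable(key)

def derive_wpa_psk(key, ssid):
    # PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    if not fits_wpa_psk(key):
        raise ValueError("not a valid WPA passphrase or PSK")
    if len(key) == 64:
        return bytes.fromhex(key)
    return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"), ssid.encode(), 4096, 32)

def diagnose(key, mode):
    # Hypothetical helper: return a hint instead of a bare rejection.
    checks = {"wpa-psk": fits_wpa_psk, "wep": fits_wep}
    if checks[mode](key):
        return "ok"
    others = [m for m, f in checks.items() if m != mode and f(key)]
    if others:
        return f"invalid for {mode}; format matches {others[0]}"
    return f"invalid for {mode}; matches no standard key format (length {len(key)})"

if __name__ == "__main__":
    ssid = "HotelGuest"  # constructed SSID
    for key in ("travel", "yost600", "yost600 ", "darnil21"):
        print(repr(key), "->", diagnose(key, "wpa-psk"))
    # Each pad character is part of the passphrase, so it changes the PSK.
    print(derive_wpa_psk("yost600 ", ssid) != derive_wpa_psk("yost600  ", ssid))
```

Because the SSID and every character of the passphrase feed the derivation, a space-padded key only connects if the access point was configured with exactly the same padded passphrase.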
Comment 22 Morgan Leijström 2023-11-13 23:02:38 CET
So the solution is to describe in our documentation how to choose encryption?
Comment 23 Dave Hodgins 2023-11-14 00:55:08 CET
It's already there in step 3 at
https://doc.mageia.org/mcc/9/en/content/mcc-network.html#d4e1822
Comment 24 Lewis Smith 2023-11-14 13:07:06 CET
(In reply to Dave Hodgins from comment #21)
> In mcc, if open wep is chosen, it allows a password as short as one
> character.
This is important, and covers the case.

> wpa can not work with short passwords
We are clear about WPA *not* being relevant to the complaint.

(In reply to Dave Hodgins from comment #23)
> It's already there in step 3 at
> https://doc.mageia.org/mcc/9/en/content/mcc-network.html#d4e1822
In fact it is not adequately covered. It only mentions WPA/WPA2 and WEP, not the choices I saw (comment 20).
So it looks like the software is behaving correctly, but the documentation does not correspond exactly enough.

How do we get a correct explanation of the Encryption modes currently offered?
Then how do we update the MCC User Guide correspondingly?
Comment 25 Dave Hodgins 2023-11-15 00:30:21 CET
Almost every wifi connection uses wpa/wpa2. Some, where security of the
connection does not matter use wep.

I have no idea where any of the others that are supported are used, or what's
different about them. I would expect that anyone who is using them already
has either knowledge about them, or detailed instructions from people who
do know about them. I suspect they are used in some high security environments,
but that's just a guess.

It may be that they've just been left in the code from the Mandrake days, and
since no one current knows anything about them, the code has just been left
there.
Comment 26 Lewis Smith 2023-11-15 21:37:18 CET
This does not avoid the issue that for the 2 WEP choices offered:
 Open WEP
 Restricted WEP
we might allow <8 char keys. Despite the antiquity of WEP, Pierre's experience shows it is still out there, and he was inconvenienced as per comment 0.

Assigning to the tools maintainers in the hope that this can happen.

Source RPM: (none) => network centre
Summary: wifi encryption key length should not be forced to 8 characters => WEP wifi encryption key length should not be forced to 8 characters in Network Centre
Assignee: bugsquad => mageiatools

