Saturday, December 01, 2007

Crappy Linksys design

Let's say you're trying to join a WEP-encrypted wireless network (despite the security issues), and you need the password in hex format, since plain text passwords often fail to work.



So the dude who runs the network goes to look up the hex password, and sees the following when he connects to his Linksys router in his Web browser:





Oh, cool. The hex password is "6D68E02B33F2BCACC".



But, gee, why can't my MacBook connect to the wireless network? Why isn't the password working?



Because that wasn't really the password. The fool who designed the interface for my Linksys router made the hex password field way too short to show the password!



There are nine password characters hidden by the end of the password field. Here's what the password field would look like if it were designed properly:







The whole hex password is visible here.



This design flaw bit me at Thanksgiving, when our guest could not connect to the network even after I pulled up the hex password via our Linksys router interface. And I suspect it is behind some of the online wireless questions involving Linksys routers and Macs that no one can resolve.



Linksys' design is especially stupid because every single 128-bit (really 104-bit, but whatever) hex password ever used for any WEP connection is the same length: 26 characters. It's just the way the WEP standard works. And Linksys knows this, which is why the HTML form field for the hex password limits you to 26 characters:



Once you're aware of this issue, it is possible to see the nine hidden characters by carefully manipulating the mouse in the Linksys hex password field and scrolling to the right. But you shouldn't have to do this. The password field should be properly designed to begin with.

5 comments:

Anonymous said...

and this is why you should continue to use a mac. Wow... thats all I gotta say about this is wow.

Anonymous said...
This comment has been removed by a blog administrator.
Ryan said...
This comment has been removed by the author.
Unknown said...
This comment has been removed by a blog administrator.
Ryan said...

Deleting any posts with instructions on HOW to copy the string. I know how to do that. This is about design, which should accomodate less technical users than I.