Bug 411986

Summary: [PATCH] Simplify attended password, multi case/character is too hard to read out over the phone for support
Product: [Applications] krfb Reporter: Bernard Gray <bernard.gray>
Component: generalAssignee: Alexey Min <alexey.min>
Status: REPORTED ---    
Severity: normal CC: alexey.min
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: patch

Description Bernard Gray 2019-09-16 23:19:29 UTC 
Created attachment 122685 [details]
patch

SUMMARY
The current attended password format is simply too complicated for users to read out over the phone. 

This patch simplifies it to a 4 digit integer, patch from the current github master

--- a/krfb/invitationsrfbserver.cpp
+++ b/krfb/invitationsrfbserver.cpp
@@ -110,7 +110,7 @@ void InvitationsRfbServer::toggleUnattendedAccess(bool allow)
 
 InvitationsRfbServer::InvitationsRfbServer()
 {
-    m_desktopPassword = readableRandomString(4) + QLatin1Char('-') + readableRandomString(3);
+    m_desktopPassword = readableRandomFourDigits();
     m_unattendedPassword = readableRandomString(4) + QLatin1Char('-') + readableRandomString(3);
     KConfigGroup krfbConfig(KSharedConfig::openConfig(),"Security");
     m_allowUnattendedAccess = krfbConfig.readEntry(
@@ -207,6 +207,19 @@ void InvitationsRfbServer::walletOpened(bool opened)
     }
 }
 
+// a random string made up of numbers for easy readability
+// based on KRandom::random()
+QString InvitationsRfbServer::readableRandomFourDigits()
+{
+    int r = KRandom::random();
+    while (r < 1000) {
+        r = KRandom::random();
+    }
+    QString str = QString::number(r);
+    str.resize(4);
+    return str;
+}
+
 // a random string that doesn't contain i, I, o, O, 1, l, 0
 // based on KRandom::randomString()
 QString InvitationsRfbServer::readableRandomString(int length)
diff --git a/krfb/invitationsrfbserver.h b/krfb/invitationsrfbserver.h
index 6b6b16d..cc54a29 100644
--- a/krfb/invitationsrfbserver.h
+++ b/krfb/invitationsrfbserver.h
@@ -68,6 +68,7 @@ private:
     QString m_unattendedPassword;
     KWallet::Wallet *m_wallet;
 
+    QString readableRandomFourDigits();
     QString readableRandomString(int);
     Q_DISABLE_COPY(InvitationsRfbServer)
 };
Comment 1 Bernard Gray 2019-09-16 23:29:06 UTC 
Please note, this only affects the password factor of the *attended password* - the second factor (user allowing the connection) is still required in case the password is guessed
Comment 2 Alexey Min 2019-09-28 10:41:38 UTC 
Hi! Can you please describe in a bit more detail why this is needed, a use case? What a phone has to do with it?