Bug 411986 - [PATCH] Simplify attended password, multi case/character is too hard to read out over the phone for support
Summary: [PATCH] Simplify attended password, multi case/character is too hard to read ...
Status: REPORTED
Alias: None
Product: krfb
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Alexey Min
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-09-16 23:19 UTC by Bernard Gray
Modified: 2019-09-28 10:41 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
patch (1.61 KB, patch)
2019-09-16 23:19 UTC, Bernard Gray 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Gray 2019-09-16 23:19:29 UTC 
Created attachment 122685 [details]
patch

SUMMARY
The current attended password format is simply too complicated for users to read out over the phone. 

This patch simplifies it to a 4 digit integer, patch from the current github master

--- a/krfb/invitationsrfbserver.cpp
+++ b/krfb/invitationsrfbserver.cpp
@@ -110,7 +110,7 @@ void InvitationsRfbServer::toggleUnattendedAccess(bool allow)
 
 InvitationsRfbServer::InvitationsRfbServer()
 {
-    m_desktopPassword = readableRandomString(4) + QLatin1Char('-') + readableRandomString(3);
+    m_desktopPassword = readableRandomFourDigits();
     m_unattendedPassword = readableRandomString(4) + QLatin1Char('-') + readableRandomString(3);
     KConfigGroup krfbConfig(KSharedConfig::openConfig(),"Security");
     m_allowUnattendedAccess = krfbConfig.readEntry(
@@ -207,6 +207,19 @@ void InvitationsRfbServer::walletOpened(bool opened)
     }
 }
 
+// a random string made up of numbers for easy readability
+// based on KRandom::random()
+QString InvitationsRfbServer::readableRandomFourDigits()
+{
+    int r = KRandom::random();
+    while (r < 1000) {
+        r = KRandom::random();
+    }
+    QString str = QString::number(r);
+    str.resize(4);
+    return str;
+}
+
 // a random string that doesn't contain i, I, o, O, 1, l, 0
 // based on KRandom::randomString()
 QString InvitationsRfbServer::readableRandomString(int length)
diff --git a/krfb/invitationsrfbserver.h b/krfb/invitationsrfbserver.h
index 6b6b16d..cc54a29 100644
--- a/krfb/invitationsrfbserver.h
+++ b/krfb/invitationsrfbserver.h
@@ -68,6 +68,7 @@ private:
     QString m_unattendedPassword;
     KWallet::Wallet *m_wallet;
 
+    QString readableRandomFourDigits();
     QString readableRandomString(int);
     Q_DISABLE_COPY(InvitationsRfbServer)
 };
Comment 1 Bernard Gray 2019-09-16 23:29:06 UTC 
Please note, this only affects the password factor of the *attended password* - the second factor (user allowing the connection) is still required in case the password is guessed
Comment 2 Alexey Min 2019-09-28 10:41:38 UTC 
Hi! Can you please describe in a bit more detail why this is needed, a use case? What a phone has to do with it?