nmcli: increase strength of generated hotspot passwords

The password currently generated has ~48 bits of entropy; increase the length from 8 to 12 to get ~70 bits. While at it, exclude characters that look similar and might be entered wrongly by users. (cherry picked from commit 231128d28d)
2026-03-02 06:10:33 +01:00 · 2023-03-22 10:41:44 +01:00 · 2023-03-22 10:41:44 +01:00 · 2259c519ab
commit 2259c519ab
parent a08511a56f
1 changed files with 6 additions and 6 deletions
--- a/src/nmcli/devices.c
+++ b/src/nmcli/devices.c
@ -4091,7 +4091,7 @@ generate_ssid_for_hotspot(void)
    return ssid_bytes;
 }

-#define WPA_PASSKEY_SIZE 8
+#define WPA_PASSKEY_SIZE 12
 static void
 generate_wpa_key(char *key, size_t len)
 {
@ -4100,14 +4100,14 @@ generate_wpa_key(char *key, size_t len)
    g_return_if_fail(key);
    g_return_if_fail(len > WPA_PASSKEY_SIZE);

-    /* generate a 8-chars ASCII WPA key */
    for (i = 0; i < WPA_PASSKEY_SIZE; i++) {
        int c;

        do {
-            c = nm_random_u64_range_full(33, 126, TRUE);
-            /* too many non alphanumeric characters are hard to remember for humans */
-        } while (!g_ascii_isalnum(c));
+            c = nm_random_u64_range_full(48, 122, TRUE);
+            /* skip characters that look similar */
+        } while (NM_IN_SET(c, '1', 'l', 'I', '0', 'O', 'Q', '8', 'B', '5', 'S')
+                 || !g_ascii_isalnum(c));

        key[i] = (char) c;
    }
@ -4141,7 +4141,7 @@ set_wireless_security_for_hotspot(NMSettingWirelessSecurity *s_wsec,
                                  gboolean                   show_password,
                                  GError                   **error)
 {
-    char        generated_key[11];
+    char        generated_key[20];
    const char *key;
    const char *key_mgmt;