Shortening voucher length in 2.7.2
-
Hello
I know that this is something that make a lot of talking.
The goal : limit the voucher code lenght to 6 characters
I have find a method that work for pfsense 2.6 but since I move to 2.7.2 it doesn't work anymore and despite using the same keys and settings I always get errors in the output file and no voucher code at all.
If anyone has found a way to achive that I will be glad to ear from her/him.
Thanks for your help
Pierre -
Hello,
I had been having the same issues. I followed instructions per the older discussion threads but the methods seem outdated.
Which essentially allowed the keys to be changed through the command portal within PfSense
the commands were as follows in respective order
openssl genrsa 30 > key.private
openssl rsa - pubout <key.private> key.publiccat key.public
cat key.privatei tried these but no luck.
Then i found this video tutorial. Seems like alot of work for something that ought to be integrated within PfSense but im sure they have good reasons.
https://www.youtube.com/watch?v=he0kPrqOZY0
Update: Okay, i attempted to follow the instructions as per the video
Findings with help of ChatGPT - We could have also followed the prompts within PfSense cmd however the issue is arising from OpenSSL
It no longer is permitting 32bits codes for security measures. soo... i guess we can no longer do shorter codes?
@GertjanError on my terminal and PfSense: error:04081078:rsa routines:rsa_builtin_keygen:key size too small:crypto/rsa/rsa_gen.c:78:
-
@dmchavoc
Yes I found exactly the same issue
So we are stuck with loooonnnnnnggggg voucher code
Until a " Chose the lenght of your code" feature is included in pfsense.
That can be a big step forward when absolute security is not needed
Maybe one day.... -
@dmchavoc said in Shortening voucher length in 2.7.2:
What ? Who ? Me ?
You've explained it very well already :It no longer is permitting 32bits codes for security measures. soo... i guess we can no longer do shorter codes?
Just change the ? for a ! and you're spot on.
What ? You don't like progress ? ^^
I can share my point of view, but you wish you didn't saw it.
First of all, I don't use 'vouchers'. For me, these guy are (were) needed if an Internet needs to be sold. If you just want a fast and easy solution, a user name and password solution works well enough, and has no admin maintenance. Btw : I use it for a hotel, and I'm to lazy to explain to every client every day what a voucher is, etc etc. And make new sets, remove old sets etc.The user will find the login portal, the will know the room number (the portal user name) and the password is shown in the room directory they'll find in the room. This works for me - and for them.
Dealing with voucher is a, imho, not good alternative as it needs me to baby-sit the system.When I see this :
error:04081078:rsa routines:rsa_builtin_keygen:key size too small:crypto/rsa/rsa_gen.c:78:
this tells me that pfSense uses existing software (some package, library, whatever) that wasn't created by Netgate. Probably "OpenSSL". And yeah, OpenSSL have their reasons not to allow insecure crypto stuff anymore. They've decides that for you. Normally, not an issue, as we don't care if out TLS connection to connect to this forum is based upon 512, 1024, 2048 or 4096 bits ... our browser handle this for us. This issue become apparent when you uses 'codes' which have to be manually entered, like voucher codes.
@dmchavoc said in Shortening voucher length in 2.7.2:
Findings with help of ChatGPT
Sorry, guys. ChatGPT can be useful for hard questions like "how much eggs for the cake I want to prepare, 2 or 3 ?".
And we don't want GPT to "really" work.
I go for the fictional aspects of it.
