You are not logged in.

#1 2008-10-08 10:31:53

chochem
Member
From: Denmark
Registered: 2008-03-02
Posts: 176
Website

net-profiles/netcfg: wpa password is in plaintext in profile

As the heading says: Reviewing the security of the setup, I realized that having the wpa password lying in plaintext on the drive seems a bit careless. Any way of having it encrypted?

Offline

#2 2008-10-08 10:41:13

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: net-profiles/netcfg: wpa password is in plaintext in profile

chmod it so users can't access it is a good start.

Offline

#3 2008-10-08 11:00:33

Garns
Member
Registered: 2008-05-28
Posts: 239

Re: net-profiles/netcfg: wpa password is in plaintext in profile

You can use wpa-config and a wpa_supplicant config file, if you want to. But if somebody was reading my files I  the safety of my wireless profiles would be among the last things I'd worry about.

Offline

#4 2008-10-08 11:13:42

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: net-profiles/netcfg: wpa password is in plaintext in profile

Garns wrote:

You can use wpa-config and a wpa_supplicant config file, if you want to. But if somebody was reading my files I  the safety of my wireless profiles would be among the last things I'd worry about.

A supplicant config file is still effectively plain text (and as is chmodding) - someone can just transfer that conf to any other computer.

What he's asking for is a encrypted with password setup. I wonder whether it's worth the trouble *shrug*.

Offline

#5 2008-10-08 13:04:27

Garns
Member
Registered: 2008-05-28
Posts: 239

Re: net-profiles/netcfg: wpa password is in plaintext in profile

My bad, I thought there was some support in wpa_supplicant for passphrase encryption, however you are right of course, there isn't and I don't see the point anyway.

If you really care about this, you could encrypt your profiles and write some wrapper for netcfg to decrypt them when you use them.

Offline

#6 2008-10-08 14:52:50

rson451
Member
From: Annapolis, MD USA
Registered: 2007-04-15
Posts: 1,233
Website

Re: net-profiles/netcfg: wpa password is in plaintext in profile

IMO this would not be worth the trouble.  As Garns said, if someone is reading files on your local drive then you've got more to worry about.


archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson

Offline

#7 2008-10-09 07:32:48

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: net-profiles/netcfg: wpa password is in plaintext in profile

the question's not without reason. Layers of security is a good thing.

If the key is password encrypted, even if they get the file they still havn't compromised your network unless your password is stored locally or brute-forceable.

I don't have any plans to implement this in netcfg though, its not worth the hassle and could be done trivially by a wrapper around it.

Last edited by iphitus (2008-10-09 07:33:25)

Offline

#8 2008-10-09 15:03:20

fflarex
Member
Registered: 2007-09-15
Posts: 466

Re: net-profiles/netcfg: wpa password is in plaintext in profile

Encrypt your whole HDD with LUKS. Not perfect, but anyone who's able to get through LUKS you're probably not going to be able to stop anyway, even with more security measures, unless you're a security expert for a living or something.

Offline

#9 2008-10-10 01:55:54

chochem
Member
From: Denmark
Registered: 2008-03-02
Posts: 176
Website

Re: net-profiles/netcfg: wpa password is in plaintext in profile

Thanks for all the replies. I guess I didn't put that much thought into it - it just seemed like a no-no. I'm gonna take your word for it not being worth the bother.

Offline

#10 2008-10-10 03:44:57

fflarex
Member
Registered: 2007-09-15
Posts: 466

Re: net-profiles/netcfg: wpa password is in plaintext in profile

I could be wrong, but I think the reason for it not being worth the bother is not so much that it isn't a good feature, but because iphitus is trying to keep netcfg as simple as possible. Netcfg is just an easier way to connect to networks. It's not supposed to do anything else - no intelligence, not much security, etc. I think it was a legitimate request though.

Then again, it's just a shell script (or a couple of them I guess), so even if you're not a programmer, you could probably modify them (with a bit of work) to get what you want.

Offline

Board footer

Powered by FluxBB