You are not logged in.
As the heading says: Reviewing the security of the setup, I realized that having the wpa password lying in plaintext on the drive seems a bit careless. Any way of having it encrypted?
Offline
chmod it so users can't access it is a good start.
Offline
You can use wpa-config and a wpa_supplicant config file, if you want to. But if somebody was reading my files I the safety of my wireless profiles would be among the last things I'd worry about.
Offline
You can use wpa-config and a wpa_supplicant config file, if you want to. But if somebody was reading my files I the safety of my wireless profiles would be among the last things I'd worry about.
A supplicant config file is still effectively plain text (and as is chmodding) - someone can just transfer that conf to any other computer.
What he's asking for is a encrypted with password setup. I wonder whether it's worth the trouble *shrug*.
Offline
My bad, I thought there was some support in wpa_supplicant for passphrase encryption, however you are right of course, there isn't and I don't see the point anyway.
If you really care about this, you could encrypt your profiles and write some wrapper for netcfg to decrypt them when you use them.
Offline
IMO this would not be worth the trouble. As Garns said, if someone is reading files on your local drive then you've got more to worry about.
archlinux - please read this and this — twice — then ask questions.
--
http://rsontech.net | http://github.com/rson
Offline
the question's not without reason. Layers of security is a good thing.
If the key is password encrypted, even if they get the file they still havn't compromised your network unless your password is stored locally or brute-forceable.
I don't have any plans to implement this in netcfg though, its not worth the hassle and could be done trivially by a wrapper around it.
Last edited by iphitus (2008-10-09 07:33:25)
Offline
Encrypt your whole HDD with LUKS. Not perfect, but anyone who's able to get through LUKS you're probably not going to be able to stop anyway, even with more security measures, unless you're a security expert for a living or something.
Offline
Thanks for all the replies. I guess I didn't put that much thought into it - it just seemed like a no-no. I'm gonna take your word for it not being worth the bother.
Offline
I could be wrong, but I think the reason for it not being worth the bother is not so much that it isn't a good feature, but because iphitus is trying to keep netcfg as simple as possible. Netcfg is just an easier way to connect to networks. It's not supposed to do anything else - no intelligence, not much security, etc. I think it was a legitimate request though.
Then again, it's just a shell script (or a couple of them I guess), so even if you're not a programmer, you could probably modify them (with a bit of work) to get what you want.
Offline