
Bug#700834: installation-reports: HP dv7-1275dx installs successfully.



On 02/18/2013 01:47 PM, Philipp Kern wrote:
> On Mon, Feb 18, 2013 at 01:36:50PM -0500, Tim wrote:
> > I haven't seen the code yet, so I can't say how without some research.
> > Maybe it's not possible.  It would be foolish to use wifi in a business
> > environment, but that doesn't mean it won't happen. ;)  Employees
> > are the biggest security risk for a business, btw, rather than
> > non-employees.
> So you don't have a concrete use case but still want to see it happen?
> I'm not convinced by that statement in any case, sorry.
>
> I've seen home users that really wanted to compare the key they typed
> in, that was pregenerated by the manufacturer, with what they noted
> down. It's a shared secret, which is obviously weaker than a secret,
> like the user's password.
>
> On the other hand using wifi in a business environment is not foolish, but
> the use of pre-shared keys and doing an install over it might be
> (if you could PXE boot from wifi, for instance). Obviously it can
> happen, but what security advantage is gained by star'ing the password
> in the installer? The attack scenario is rather that the wifi
> potentially has untrusted computers on it.
>
> The only scenario I can come up with is that I'm sitting in the public
> library, setting up my computer from a CD using the public wifi. People
> could watch my computer as I type in the shared wifi passphrase. I'm
> not sure hiding that bit of information from the others that could
> sneak up and remember it makes up for the inconvenience of not being
> able to double check the passphrase. (Which happens with the user
> password by typing it in twice.)
>
> Kind regards
> Philipp Kern

Alternate scenario:  Sue, the junior sysadmin, is in her office installing
Debian on a desktop PC for the accounting dept.  Tom, the handsome
marketing guy, stops in to chat with Sue.  Tom happens to catch the
router passphrase as Sue enters it.  Depending on Tom's motives
and skills, this may not be a good thing.  Disagree?  No matter, it's not
something I feel strongly about, which is why I gave this report the lowest
priority. There are, no doubt, more important things to work on.

Peace,
Tim

