On Mon, Feb 18, 2013 at 01:36:50PM -0500, Tim wrote: > I haven't seen the code yet, so I can't say how without some research. > Maybe it's not possible. It would be foolish to use wifi in a business > environment, but that doesn't mean it won't happen. ;) Employees > are the biggest security risk for a business, btw, rather than > non-employees. So you don't have a concrete use case but still want to see it happen? I'm not convinced by that statement in any case, sorry. I've seen home users that really wanted to compare the key they typed in, that was pregenerated by the manufacturer, with what they noted down. It's a shared secret, which is obviously weaker than a secret, like the user's password. On the other hand use wifi in a business environment is not foolish, but the use of pre-shared keys and doing an install over it might be (if you could PXE boot from wifi, for instance). Obviously it can happen, but what security advantage is gained by star'ing the password in the installer? The attack scenario is rather that the wifi potentially has untrusted computers on it. The only scenario I can come up with is that I'm sitting in the public library, setting up my computer from a CD using the public wifi. People could watch my computer as I type in the shared wifi passphrase. I'm not sure hiding that bit of information from the others that could sneak up and remember it makes up for the inconvience of not being able to double check the passphrase. (Which happens with the user password by typing it in twice.) Kind regards Philipp Kern
Attachment:
signature.asc
Description: Digital signature