
Bug#768914: netcfg/wireless_wpa is type string, not type password

On Mon, Nov 10, 2014 at 05:07:25PM +1100, Trent W. Buck wrote:
> I just installed wheezy over WPA and ran into #694068.
> While investigating that, I grepped for my PSK across /.
> I found it in /var/log/installer/cdebconf/questions.dat under
> netcfg/wireless_wpa.  It is stored in cleartext; the file is only
> readable by root.
> In templates.dat (same dir), I see
>     Name: netcfg/wireless_wpa
>     Type: string
>     Description: WPA/WPA2 passphrase [...]
> Since it's a PASSPHRASE, shouldn't it be Type: password?
> Normal users cannot read questions.dat,
> so I don't think this is an immediate problem.
> (FWIW hostapd's wpa_psk_file option lets each device have its own PSK,
> so when Mallet is sacked and his PSK is revoked, he can't simply spoof
> Alice's MAC and use his PSK to get in.  I don't use EAP-TLS client
> certs because support for that is depressingly limited.
> This means my PSKs are "more secret" than your typical home network
> where there's one shared PSK that everyone knows.)

That discussion popped up earlier. The problem with "Type: password" is
that you don't see what you're typing in d-i and this may be desirable
given long complex passphrases (the over-the-shoulder attack was
discarded). Sadly there's no easy way to toggle display in debconf.

But then this is the first time I read about this use of PSK instead of
normal EAP keying.

Kind regards
Philipp Kern
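The template stanzas quoted in the report are simple enough to audit mechanically. The following is an added example, not code from the bug report, netcfg or cdebconf: it parses a constructed templates.dat-style excerpt and flags questions whose description reads like a secret but whose Type is not password. The keyword list is an assumed heuristic, not anything debconf defines.

```python
"""Audit a debconf templates.dat-style file for secret-bearing questions
declared with a non-password type. Added example; the sample content below
is constructed to mirror the stanza format quoted in the bug report."""
import re

# Constructed sample: one mistyped passphrase, one harmless string,
# one correctly declared password.
SAMPLE_TEMPLATES = """\
Name: netcfg/wireless_wpa
Type: string
Description: WPA/WPA2 passphrase for the wireless network

Name: netcfg/wireless_essid
Type: string
Description: Wireless ESSID

Name: passwd/root-password
Type: password
Description: Root password
"""

# Assumed heuristic: words that usually mean the answer is a secret.
SECRET_WORDS = re.compile(r"\b(passphrase|password|psk|secret)\b", re.I)

def parse_templates(text):
    """Split blank-line separated stanzas into dicts of Field -> value.
    Continuation lines (leading space) belong to the previous field."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith(" "):
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def find_mistyped_secrets(text):
    """Return names of templates that look secret but are not Type: password."""
    hits = []
    for tmpl in parse_templates(text):
        desc = tmpl.get("Description", "")
        if tmpl.get("Type") != "password" and SECRET_WORDS.search(desc):
            hits.append(tmpl["Name"])
    return hits

if __name__ == "__main__":
    for name in find_mistyped_secrets(SAMPLE_TEMPLATES):
        print(f"{name}: secret-looking question not declared Type: password")
```

Run it against a real /var/log/installer/cdebconf/templates.dat (root only) by reading the file into find_mistyped_secrets instead of the constructed sample.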
