[Freedombox-discuss] Unencrypted passwords
- Subject: [Freedombox-discuss] Unencrypted passwords
- From: email@example.com (Philip Hands)
- Date: Wed, 01 Jan 2014 10:58:54 +0000
- Message-id: <firstname.lastname@example.org>
- In-reply-to: <email@example.com>
- References: <CACXcFmn9B9jZSRG=rnOySWq+hgmZM3q8a2TvQL9Gm2yoVfirstname.lastname@example.org> <email@example.com>
Nick Daly <nick.m.daly at gmail.com> writes:
> Sandy Harris <sandyinchina at gmail.com> writes:
>> (from Slashdot) A claim that various distros store wifi passwords
>> unencrypted. Does this affect us?
> As far as I can tell, this specific case (though not the concept) is
> irrelevant to the FreedomBox server. The article discusses storing
> unencrypted wireless passwords on the hard-drive of the client device.
> This article is saying that:
> "If someone has physical access to your laptop, they'll probably be able
> to read the passwords that you use to connect to wireless networks."
I'm reasonably sure that this plain-text storage only actually happens
with Network Manager if you set the network to be active for all users.

I really don't see what the complaint here is -- it seems that someone
managed to pick up the "plaintext == BAD!!!" meme, and has applied it

If you want the WiFi to come up before any user interaction (which is
what the "available to all users" bit means) then the machine is going
to need plaintext access to the password.

What else does this person expect?

I presume they want some sort of security by obscurity added on, so that
it looks like the password is encrypted, because it's stored in base64,
or has been XORed with "sNaKe-OiL" or some such nonsense.

This strikes me as equivalent to some newbie health and safety official
trying to insist that Speedway Motorcycles should be fitted with ABS
while failing to notice that they don't actually have any brakes.
|)| Philip Hands [+44 (0)20 8530 9560] http://www.hands.com/
|-| HANDS.COM Ltd. http://ftp.uk.debian.org/
|(| 10 Onslow Gardens, South Woodford, London E18 1NE ENGLAND
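
Added example, not part of the original message: a small audit of NetworkManager keyfiles that reports the distinction discussed above, namely whether a profile is available to all users with the PSK in the file, or restricted to one user with the PSK held by that user's secret agent, and whether the file is readable beyond its owner. The sample keyfiles, SSIDs and passphrase are constructed; the `psk`, `psk-flags` and `permissions` keys follow NetworkManager's keyfile format.

```python
import configparser, os, stat, tempfile

# Constructed sample keyfiles (not from the post); names and PSK are made up.
ALL_USERS = """[connection]
id=HomeNet
type=wifi

[wifi-security]
key-mgmt=wpa-psk
psk=constructed-example-passphrase
"""
ONE_USER = """[connection]
id=CafeNet
type=wifi
permissions=user:alice:;

[wifi-security]
key-mgmt=wpa-psk
psk-flags=1
"""

def audit_keyfile(path):
    """Report how one NetworkManager keyfile stores its Wi-Fi secret."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read(path)
    sec = cp["wifi-security"] if cp.has_section("wifi-security") else {}
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "id": cp.get("connection", "id", fallback="?"),
        # Empty or missing permissions: profile is available to all users.
        "all_users": not cp.get("connection", "permissions", fallback="").strip(),
        # The PSK is on disk in this file only when a psk= line is present.
        "psk_in_file": "psk" in sec,
        # psk-flags bit 1: a per-user secret agent (keyring) holds the PSK.
        "agent_owned": int(sec.get("psk-flags", "0")) & 1 == 1,
        # The control that matters: nobody but the owner may read the file.
        "group_or_world_access": bool(mode & 0o077),
    }

def write_sample(text, mode):
    """Write a constructed keyfile to a temp path with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".nmconnection")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for text, mode in ((ALL_USERS, 0o600), (ALL_USERS, 0o644), (ONE_USER, 0o600)):
        print(audit_keyfile(write_sample(text, mode)))
```

On a real system the same function can be pointed at the files under /etc/NetworkManager/system-connections/, which requires root to read.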