[SOLVED] - CentOS 8 - WPA_PSK in clear text

Issues related to configuring your network
Post Reply
User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

[SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by warron.french » 2020/02/14 05:08:08

I was perusing files under /etc/sysconfig/network-scripts and found the file keys-MyWiFiName the content of that file is:

Code: Select all

WPA_PSK="MyWiFi_Password"
Is this really appropriate? I would hope the WiFi password would be encrypted. No?
Last edited by warron.french on 2020/02/15 07:12:43, edited 1 time in total.
Thanks,
War

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: CentOS 8 - WPA_PSK in clear text

Post by aks » 2020/02/14 18:24:10

That's the way I used to do it (ages ago) and it works. I just made sure the permissions where appropriate.
Now I just make it NM's problem (and assume NM keeps the secret secret).

User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

Re: CentOS 8 - WPA_PSK in clear text

Post by warron.french » 2020/02/15 07:11:53

@aks, thanks for the feedback.

It still seems weird to me that the password isn't at least hashed or encrypted.

Understanding updated. This is my first dedicated hardware (laptop) Linux machine for personal use that I have built and of course, I am doing it with CentOS 8. I am kind of having fun with it!

Thanks.
Thanks,
War

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by KernelOops » 2020/02/15 08:37:55

The wifi password has always been kept in clear text because in theory only root has access to it (via file permissions).

It could be encrypted with wpa_passphrase

Code: Select all

WPA_PASSPHRASE(8)                                                                                   WPA_PASSPHRASE(8)

NAME
       wpa_passphrase - Generate a WPA PSK from an ASCII passphrase for a SSID

SYNOPSIS
       wpa_passphrase [ ssid ]  [ passphrase ]

OVERVIEW
       wpa_passphrase  pre-computes  PSK  entries  for network configuration blocks of a wpa_supplicant.conf file. An
       ASCII passphrase and SSID are used to generate a 256-bit PSK.
--
R.I.P. CentOS :cry:
--

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by TrevorH » 2020/02/15 13:08:33

It would also be fairly tricky to encrypt it in any useful manner as it would need to ask for a password to unlock the password so at that point, you might as well just tell it not to save the WPA password and have it ask for it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by aks » 2020/02/16 19:37:01

Well it would have to be a reversible encryption anyway (i.e.: you can get the secrets without knowing/having anything else).

User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by warron.french » 2020/02/17 06:10:29

So, why can MS Windows store the WPA password but not in clear text?

This is more of an academic question really.
Thanks,
War

User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by warron.french » 2020/02/17 06:15:35

KernelOops wrote:
2020/02/15 08:37:55
The wifi password has always been kept in clear text because, in theory, only root has access to it (via file permissions).

It could be encrypted with wpa_passphrase

Code: Select all

WPA_PASSPHRASE(8)                                                                                   WPA_PASSPHRASE(8)

NAME
       wpa_passphrase - Generate a WPA PSK from an ASCII passphrase for an SSID

SYNOPSIS
       wpa_passphrase [ ssid ]  [ passphrase ]

OVERVIEW
       wpa_passphrase  pre-computes  PSK  entries for network configuration blocks of a wpa_supplicant.conf file. An
       ASCII passphrase and SSID are used to generate a 256-bit PSK.
@KernelOops if I use this WPA_PASSPHRASE do I copy the results into the field in the same place as the cleartext original password into the
same file?
Thanks,
War

User avatar
KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by KernelOops » 2020/02/17 07:10:12

I haven't used it for a while so I don't remember how it works. Read the man page for the details:

Code: Select all

man wpa_passphrase
--
R.I.P. CentOS :cry:
--

User avatar
warron.french
Posts: 616
Joined: 2014/03/27 20:21:58

Re: [SOLVED] - CentOS 8 - WPA_PSK in clear text

Post by warron.french » 2020/02/21 05:10:08

@KernelOops, thanks.
Thanks,
War

Post Reply