Date: Sun, 12 Jan 2025 18:06:28 +0100 (CET) From: Chris Moerz <freebsd@ny-central.org> To: Graham Perrin <grahamperrin@gmail.com> Cc: freebsd-desktop@freebsd.org, freebsd-enterprisewg@freebsd.org Subject: Re: [EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam Message-ID: <ef1f03da-8455-7d7c-ef79-b8ac5bc4cd37@ny-central.org> In-Reply-To: <f1d818c4-3bac-4598-9545-4a57d8217415@gmail.com> References: <07e6179b-00de-4eeb-8282-527b477fdccc@gmail.com> <CAFYkXjnqfkDgxLSZAE4%2BvCqNPnz_A00XfbtYzg12YCWeu74TJw@mail.gmail.com> <f1d818c4-3bac-4598-9545-4a57d8217415@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 12 Jan 2025, Graham Perrin wrote: > On 11/01/2025 23:47, Tomek CEDRO wrote: > > > https://man.freebsd.org/cgi/man.cgi?wpa_passphrase ? :-) > > <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272902#c3>; a PSK is not > applicable in wpa_gui. > What would be the expected behavior/implementation in this case? I believe with regular WPA2, one can simply store the hash value instead of the password. I suspect that's what we would like to get for eduroam (TLS-EAP) too? Supposedly, this should generate a hash value that represents the password but we would likely have to update our stack to support this? echo -n password_here | iconv -t utf16le | openssl md4 (source: https://bbs.archlinux.org/viewtopic.php?id=144471) Alternatively, one could encrypt the password, but then we'd need to enter a password for decryption every time we want to read in the conf. chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ef1f03da-8455-7d7c-ef79-b8ac5bc4cd37>