question about network configuration in wpa_supplicant.conf
Osho GG
oshogg
Mon Jul 31 06:41:05 PDT 2006
On 7/31/06, Bryan Kadzban <bryan at kadzban.is-a-geek.net> wrote:
> Osho GG wrote:
> > Well, I was hoping that wpa_supplicant can use the encrypted version
> > of this password :) (like it does for psk).
>
> The PSK is *NOT* encrypted, it's just in a hex format. Anyone can use
> that string of hex bytes instead of a text passphrase, and still connect
> to your PSK network.
>
Thanks for the explanation :).
> (Every supplicant actually uses the hashed (hex-bytes) value in the
> 4-way handshake, not the text passphrase. Most allow you to type in
> either. Certainly the XP supplicant allows you to type in either.)
>
> > and is reasonably secure as the password is not saved anywhere in
> > plain text.
>
> Except it is stored as a LanMan hash by default (extraordinarily easy to
> de-hash)... but that's a separate issue.
>
> > Could wpa be configured in such a manner that it can use my linux
> > user password (or even root password)
>
> Not that I know of, but why would you want to use the same password
> anyway?
I know it would not be a good idea security wise to do so. However, I
am just trying to find some way to comply with the security guidelines
at where I am (one of the guideline is that no password should be
stored in plain text anywhere).
> And if you aren't using the same password, would that make it a
> lot less of a problem that it's saved in plain-text, because it isn't
> used for anything else?
>
Unfortunately, this password (which has to be same as my windows
password due to the administration's configuration of wireless access
points) is used *everywhere* for all internal websites.
thanks,
Osho
More information about the Hostap
mailing list