ppurka Advocate

Joined: 26 Dec 2004 Posts: 3247
|
Posted: Sat Dec 28, 2013 10:14 am Post subject: oh no! wifi passwords are stored in plain text! |
|
|
http://www.itworld.com/open-source/397843/did-ubuntu-goof-storing-wi-fi-passwords-clear-text
That is so incredibly bad! Now we need a pass-me-the-word-kit (pmtwkit) that will securely store our wifi passwords using 16384 bit one-way encryption. This will be futuristic kit using which networkmanager will be able to query for the password using dbus and pmtwkit will return you the password via dbus.
However, there is just one problem. All these low level wpa_supplicant, dhcpcd do not understand dbus and so do not fit this model. Dbus-aware networking component should be integrated with systemd to efficiently and transparently talk over dbus with networkmanager. After these changes wpa_supplicant, dhcp clients, etc will not be supported anymore. In the far future, we in fact need to merge nm into systemd so that there is no need to even use dbus. At that point we can deprecate pmtwkit. _________________ emerge --quiet redefined | E17 vids: I, II | Now using e from git | e18, e19, and kde4 sucks :-/ |
Muso l33t


Joined: 22 Oct 2002 Posts: 686 Location: The Holy city of Honolulu
|
Posted: Sat Dec 28, 2013 10:18 am Post subject: Re: oh no! wifi passwords are stored in plain text! |
|
|
ppurka wrote: | That is so incredibly bad! |
Beyond bad, it's stupid. _________________ People Of Love
Kindness Evokes Kindness
Peace Emits Positive Energy |
Bones McCracker Veteran


Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
|
Posted: Sat Dec 28, 2013 1:12 pm Post subject: Re: oh no! wifi passwords are stored in plain text! |
|
|
ppurka wrote: | http://www.itworld.com/open-source/397843/did-ubuntu-goof-storing-wi-fi-passwords-clear-text
That is so incredibly bad! Now we need a pass-me-the-word-kit (pmtwkit) that will securely store our wifi passwords using 16384 bit one-way encryption. This will be futuristic kit using which networkmanager will be able to query for the password using dbus and pmtwkit will return you the password via dbus.
However, there is just one problem. All these low level wpa_supplicant, dhcpcd do not understand dbus and so do not fit this model. Dbus-aware networking component should be integrated with systemd to efficiently and transparently talk over dbus with networkmanager. After these changes wpa_supplicant, dhcp clients, etc will not be supported anymore. In the far future, we in fact need to merge nm into systemd so that there is no need to even use dbus. At that point we can deprecate pmtwkit. |
What is sad is that this is frighteningly close to the truth. It makes me want to bang my head on the table. _________________
patrix_neo wrote: | The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it. |
ppurka Advocate

Joined: 26 Dec 2004 Posts: 3247
|
Posted: Sat Dec 28, 2013 1:57 pm Post subject: Re: oh no! wifi passwords are stored in plain text! |
|
|
BoneKracker wrote: | What is sad is that this is frighteningly close to the truth. It makes me want to bang my head on the table. | It's a reflection of the past projected on to the future.  _________________ emerge --quiet redefined | E17 vids: I, II | Now using e from git | e18, e19, and kde4 sucks :-/ |
salahx Guru

Joined: 12 Mar 2005 Posts: 432
|
Posted: Sat Dec 28, 2013 8:43 pm Post subject: |
|
|
The files (though not the directory itself) /etc/NetworkManager/system-connection have permissions of 600, so only root can read them anyway. So this is a non-concern.
Second, pmtwkit already exists (although I am unsure if it's been implemented or not) - http://freedesktop.org/wiki/Specifications/secret-storage-spec/ . Although that service is a per-user service, it would make less sense to create a system one since the user keyrings are encrypted using the user's password, no such password exists (unless the system has a TPM or similar) on the system so it is no better than what's already being done now. |
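The 600 claim in the post above can be checked rather than assumed. The following is an added example, not code from the thread or from NetworkManager: it walks a keyfile directory and reports any file holding a secret that is accessible to group/other or not owned by the expected user. The sample keyfiles and the PSK value are constructed, and the list of secret-bearing keys is an assumption covering common cases.

```python
import os
import stat
import tempfile

CONN_DIR = "/etc/NetworkManager/system-connections"  # NetworkManager keyfile directory
SECRET_KEYS = ("psk=", "password=", "wep-key0=")     # assumed set of secret-bearing entries

def audit_keyfiles(directory, expected_uid=0):
    """Return (filename, octal mode, problems) for every keyfile that stores a secret."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks, directories and other non-regular entries
        with open(path, "r", errors="replace") as fh:
            has_secret = any(line.strip().startswith(SECRET_KEYS) for line in fh)
        if not has_secret:
            continue
        mode = stat.S_IMODE(st.st_mode)
        problems = []
        if mode & 0o077:  # any permission bit set for group or other
            problems.append("accessible by group/other")
        if st.st_uid != expected_uid:
            problems.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
        findings.append((name, "%03o" % mode, problems))
    return findings

def demo():
    """Constructed sample: two keyfiles with a made-up PSK, one 600 and one 644."""
    body = ("[connection]\nid=example\n\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-example-psk\n")
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("home.nmconnection", 0o600), ("cafe.nmconnection", 0o644)):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        # The demo files belong to the current user, so that is the expected owner here.
        return audit_keyfiles(d, expected_uid=os.getuid())

if __name__ == "__main__":
    # Audit the real directory when run as root; otherwise run the constructed demo.
    live = os.path.isdir(CONN_DIR) and os.geteuid() == 0
    for name, mode, problems in (audit_keyfiles(CONN_DIR) if live else demo()):
        print(name, mode, "; ".join(problems) or "ok")
```
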
wswartzendruber Veteran


Joined: 23 Mar 2004 Posts: 1243 Location: ID, USA
|
Posted: Sat Dec 28, 2013 8:53 pm Post subject: |
|
|
I'm also trying to understand what the big deal is. |
pjp Administrator


Joined: 16 Apr 2002 Posts: 17130
|
Posted: Sat Dec 28, 2013 11:43 pm Post subject: Re: oh no! wifi passwords are stored in plain text! |
|
|
ppurka wrote: | Now we need [...] However, there is just one problem. All these [...] do not fit this model. | systemd. _________________ I can saw a woman in two, but you won't want to look in the box when I'm through.
For my next trick, I'll need a volunteer. |
Greens n00b

Joined: 23 Aug 2013 Posts: 27
|
Posted: Sun Dec 29, 2013 3:58 pm Post subject: |
|
|
It actually requires root access to read it.
If someone suspicious has root access to your computer or is sitting there booting a livecd to look at your unencrypted disk, I don't think they care much about your wifi password, maybe they'd check it to see if you're using it for anything else. |
Bones McCracker Veteran


Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
|
Posted: Sun Dec 29, 2013 8:28 pm Post subject: |
|
|
Yeah, fuck it. _________________
patrix_neo wrote: | The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it. |
Naib Watchman


Joined: 21 May 2004 Posts: 5273 Location: Removed by Neddy
|
Posted: Sun Dec 29, 2013 8:55 pm Post subject: |
|
|
Greens wrote: | It actually requires root access to read it.
If someone suspicious has root access to your computer or is sitting there booting a livecd to look at your unencrypted disk, I don't think they care much about your wifi password, maybe they'd check it to see if your using it for anything else. |
exactly... as wswartzendruber posted as well...
that's why I don't mind my samba credential files are "plain text" since they are 600 anyway...
for them to read that and my wifi files... some srs issues must have occurred. Nice if they were encrypted BUT if non-root users or non-root process do not need to read them then ... it's a problem for another day rather than feeding the sysd monster pushing into the linux userland. _________________ The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king |
Bones McCracker Veteran


Joined: 14 Mar 2006 Posts: 1605 Location: U.S.A.
|
Posted: Sun Dec 29, 2013 9:35 pm Post subject: |
|
|
Yeah, that's all the security anybody needs: root access or no root access. _________________
patrix_neo wrote: | The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it. |
ppurka Advocate

Joined: 26 Dec 2004 Posts: 3247
|
Posted: Mon Dec 30, 2013 7:14 am Post subject: |
|
|
I guess the ubuntu guys panic because of the bad way sudo is (mis)configured in their systems - any command can be run with sudo, and once credentials are provided, the user remains authenticated for about 15 or so minutes.
Ideally, they either should enable sudo only for some very specific applications by default (package manager, system settings like time, etc), OR they should simply not enable sudo with a timeout. Ask for the user password every single time one needs to access anything using sudo. _________________ emerge --quiet redefined | E17 vids: I, II | Now using e from git | e18, e19, and kde4 sucks :-/ |
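The two settings the post above criticises can be looked for in a sudoers policy. This is an added example, not code from the thread or from sudo: a small linter that flags rules allowing any command and a non-zero credential cache (`timestamp_timeout`). Both sample policies are constructed, the group name and command paths in the hardened one are hypothetical, and the 15-minute default is the figure the post gives, passed in as a parameter.

```python
import re

def lint_sudoers(text, default_timeout_min=15.0):
    """Flag unrestricted command lists and a non-zero credential cache.
    default_timeout_min applies when no global 'Defaults timestamp_timeout='
    line is present (15 is the post's figure). Included files are not followed."""
    findings = []
    timeout = default_timeout_min
    for raw in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.strip()
        if not line or line.startswith(("#", "@include")):
            continue
        if line.startswith("Defaults"):
            # Only global Defaults lines are considered; scoped ones are ignored.
            m = re.match(r"Defaults\s.*\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", line)
            if m:
                timeout = float(m.group(1))
            continue
        if re.match(r"\w+_Alias\b", line):
            continue
        # User specification: who host = (runas) [TAG:] command, command ...
        m = re.match(r"(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.*)$", line)
        if m:
            cmds = re.sub(r"\b[A-Z_]+:\s*", "", m.group(2))  # drop tags like NOPASSWD:
            if any(c.strip() == "ALL" for c in cmds.split(",")):
                findings.append("%s may run any command" % m.group(1))
    if timeout < 0:
        findings.append("sudo credentials never expire")
    elif timeout > 0:
        findings.append("sudo credentials cached for %g minutes" % timeout)
    return findings

# Constructed sample resembling the setup the post describes.
WEAK = """\
Defaults env_reset
%sudo ALL=(ALL:ALL) ALL
"""

# Constructed sample applying both suggestions (hypothetical group and paths).
HARDENED = """\
Defaults env_reset
Defaults timestamp_timeout=0
%operators ALL=(root) /usr/bin/apt-get, /usr/bin/timedatectl
"""

if __name__ == "__main__":
    for policy in (WEAK, HARDENED):
        print(lint_sudoers(policy))
```
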