Re: wpa_supplicant eap password

[patricio retamales <patricioretamales1%gmail.com@localhost>]

Hi, in wpa_supplicant.conf the password must be unreadable

# wpa_passphrase. 

network={

ssid="mywireless"

#psk="secretpassphrase" this line you can remove

psk=15c8682775e55d210841b7b6a4ce7386c2a8c6bd8295571ccd5bdfae2e22ec96 #this is you password encrypt

#You can add other options

}

You can change permissions on wpa_supplicant.conf 

e.g. chmod 0600 /etc/wpa_supplicant.conf to make it readable by root only.

2010/9/29 Victor Dorneanu <victor%dornea.nu@localhost>

Hmmm...but that is still plaintext. I'd like to 'encrypt' the password, make it unreadable..

--
Victor Dorneanu

Sent from my Nokia E72 using my brain.
http://dornea.nu

------- Original message -------

From: patricio retamales <patricioretamales1%gmail.com@localhost>
To: victor%dornea.nu@localhost
Cc: netbsd-users%netbsd.org@localhost, pkgsrc-users%netbsd.org@localhost
Sent: 29.9.'10,  14:55



2010/9/29 Victor Dorneanu <victor%dornea.nu@localhost>

Hi!

I've been trying to configure my wpa_supplicant client using EAP. Here's
my configuration:


network={
   ssid="xxx"
   key_mgmt=WPA-EAP
   eap=PEAP
   identity="xxxx@xxxxx"
   anonymous_identity="xxx@xxxxx"
   ca_cert="/etc/wpa_supplicant/xxxx.pem"
   phase1="peaplabel=0"
   phase2="auth=MSCHAPV2"
   priority=2
   password="secret password"
}

That works fine. Then I found this
(http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf):

..

# password: Password string for EAP. This field can include either the
#       plaintext password (using ASCII or hex string) or a NtPasswordHash
#       (16-byte MD4 hash of password) in hash:<32 hex digits> format.
#       NtPasswordHash can only be used when the password is for MSCHAPv2 or
#       MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
#       EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE (256-bit
#       PSK) is also configured using this field. For EAP-GPSK, this is a
#       variable length PSK.

..


How do I specify a hash password in my configuration? I don't like
plaintext passwords hanging around in configuration files. Any ideas?


Cheers,

Victor

--
Victor Dorneanu

Contact
- Web/Blog: http://dornea.nu

GnuPG information
- KeyID = 0xD20870F4 (pgp.mit.edu)
- Key fingerprint = DD6B 5E09 242F 7410 3F90 492A 4CBA FD13 D208 70F4

Hi, try this
 wpa_passphrase mywireless "secretpassphrase" >> /etc/wpa_supplicant.conf

before you can modify the options that you want.
Sorry my bad english.

--
Atte.
Patricio Antonio Retamales Vera.
Analista Programador Computacional.