NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: wpa_supplicant eap password



Hi, in wpa_supplicant.conf the password must be unreadable

# wpa_passphrase.
network={
ssid="mywireless"
#psk="secretpassphrase" this line you can remove
psk=15c8682775e55d210841b7b6a4ce7386c2a8c6bd8295571ccd5bdfae2e22ec96 #this
is you password encrypt
#You can add other options
}

You can change permissions on wpa_supplicant.conf
e.g. chmod 0600 /etc/wpa_supplicant.conf to make it readable by root only.

2010/9/29 Victor Dorneanu <victor%dornea.nu@localhost>

> Hmmm...but that is still plaintext. I'd like to 'encrypt' the password,
> make it unreadable..
>
> --
> Victor Dorneanu
>
> Sent from my Nokia E72 using my brain.
> http://dornea.nu
>
>
> ------- Original message -------
>
>> From: patricio retamales <patricioretamales1%gmail.com@localhost>
>> To: victor%dornea.nu@localhost
>> Cc: netbsd-users%netbsd.org@localhost, pkgsrc-users%netbsd.org@localhost
>> Sent: 29.9.'10,  14:55
>>
>>
>>
>> 2010/9/29 Victor Dorneanu <victor%dornea.nu@localhost>
>>
>>> Hi!
>>>
>>> I've been trying to configure my wpa_supplicant client using EAP. Here's
>>> my configuration:
>>>
>>>
>>> network={
>>>    ssid="xxx"
>>>    key_mgmt=WPA-EAP
>>>    eap=PEAP
>>>    identity="xxxx@xxxxx"
>>>    anonymous_identity="xxx@xxxxx"
>>>    ca_cert="/etc/wpa_supplicant/xxxx.pem"
>>>    phase1="peaplabel=0"
>>>    phase2="auth=MSCHAPV2"
>>>    priority=2
>>>    password="secret password"
>>> }
>>>
>>> That works fine. Then I found this
>>> (
>>> http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf
>>> ):
>>>
>>> ...
>>>
>>> # password: Password string for EAP. This field can include either the
>>> #       plaintext password (using ASCII or hex string) or a
>>> NtPasswordHash
>>> #       (16-byte MD4 hash of password) in hash:<32 hex digits> format.
>>> #       NtPasswordHash can only be used when the password is for MSCHAPv2
>>> or
>>> #       MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
>>> #       EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE
>>> (256-bit
>>> #       PSK) is also configured using this field. For EAP-GPSK, this is a
>>> #       variable length PSK.
>>>
>>> ...
>>>
>>>
>>> How do I specify a hash password in my configuration? I don't like
>>> plaintext passwords hanging around in configuration files. Any ideas?
>>>
>>>
>>> Cheers,
>>>
>>> Victor
>>>
>>> --
>>> Victor Dorneanu
>>>
>>> Contact
>>> - Web/Blog: http://dornea.nu
>>>
>>> GnuPG information
>>> - KeyID = 0xD20870F4 (pgp.mit.edu)
>>> - Key fingerprint = DD6B 5E09 242F 7410 3F90 492A 4CBA FD13 D208 70F4
>>>
>>>
>>>
>>>
>>>  Hi, try this
>>  wpa_passphrase mywireless "secretpassphrase" >> /etc/wpa_supplicant.conf
>>
>> before you can modify the options that you want.
>> Sorry my bad english.
>>
>
>


-- 
Atte.
Patricio Antonio Retamales Vera.
Analista Programador Computacional.


Home | Main Index | Thread Index | Old Index