Posts: 128
Joined: Sun Dec 23, 2012 9:44 pm

Controlling access to wpa_supplicant

Sun Jan 19, 2014 11:40 pm

Hi folks

I'm somewhat concerned that wpa_supplicant stores WPA2 passphrases in plain text.

Whilst I can prevent users logged onto the Pi from accessing the file unless they are root (using chmod 0600), a theoretical possibility but an unlikely need on the Pi, I am concerned that the file is easily read from the SD card on any linux machine.

This fear is perhaps justified when you consider that my Pi is in use in a relatively insecure location, outside of the building in which the wifi router is located. I also have various Python files which contain email passwords, etc.

Can anyone offer any advice on improving the security to counteract any attempt, by a more competent thief perhaps, from obtaining such a wealth of user information?

Thanks in advance

User avatar
Posts: 40825
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Controlling access to wpa_supplicant

Sun Jan 19, 2014 11:45 pm

If I got hold of the hard disk in your laptop I could determine exactly the same stuff.

Security includes physical security. If I get your SDCard or a *img of it then all bets are off.

If you are very paranoid you'll have to look at luks and encryption.

I'm not paranoid enough to go through that pain.

The other option is a separate access point, separate subnet and a strong firewall between your network and that special subnet with your RPi. If it got compromised you'd be able to isolate it and re-secure it. Nothing lost apart from your compromised external hardware.
Any language using left-hand whitespace for syntax is ridiculous

Any DMs sent on Twitter will be answered next month.
Fake doctors - are all on my foes list.

Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Return to “Raspberry Pi OS”