question about network configuration in wpa_supplicant.conf

Osho GG oshogg at gmail.com
Mon Jul 31 09:41:05 EDT 2006


On 7/31/06, Bryan Kadzban <bryan at kadzban.is-a-geek.net> wrote:
> Osho GG wrote:
> > Well, I was hoping that wpa_supplicant can use the encrypted version
> > of this password :) (like it does for psk).
>
> The PSK is *NOT* encrypted, it's just in a hex format.  Anyone can use
> that string of hex bytes instead of a text passphrase, and still connect
> to your PSK network.
>

Thanks for the explanation :).

> (Every supplicant actually uses the hashed (hex-bytes) value in the
> 4-way handshake, not the text passphrase.  Most allow you to type in
> either.  Certainly the XP supplicant allows you to type in either.)
>
> > and is reasonably secure as the password is not saved anywhere in
> > plain text.
>
> Except it is stored as a LanMan hash by default (extraordinarily easy to
> de-hash)...  but that's a separate issue.
>
> > Could wpa be configured in such a manner that it can use my linux
> > user password (or even root password)
>
> Not that I know of, but why would you want to use the same password
> anyway?

I know it would not be a good idea security-wise to do so. However, I
am just trying to find some way to comply with the security guidelines
where I am (one of the guidelines is that no password should be
stored in plain text anywhere).

> And if you aren't using the same password, would that make it a
> lot less of a problem that it's saved in plain-text, because it isn't
> used for anything else?
>

Unfortunately, this password (which has to be the same as my Windows
password due to the administration's configuration of wireless access
points) is used *everywhere* for all internal websites.

thanks,
Osho
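
An added example, not part of the original message or of wpa_supplicant's code: it shows the point made in the quoted reply, that the 64-hex-digit `psk=` value is the standard PBKDF2-HMAC-SHA1 output of the passphrase with the SSID as salt, so a config audit should treat both forms as the same stored credential. The sample config and the helper names are constructed for illustration; the passphrase/SSID pair is the published IEEE 802.11i test vector.

```python
import hashlib
import re

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

PSK_LINE = re.compile(r"^\s*psk\s*=\s*(.+?)\s*$")

def classify_psk_lines(conf_text: str):
    """Return (line_number, kind) for every uncommented psk= line in a config text."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = PSK_LINE.match(line)
        if not match:
            continue
        value = match.group(1)
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            kind = "passphrase"      # human-readable secret
        elif re.fullmatch(r"[0-9a-fA-F]{64}", value):
            kind = "hex-psk"         # derived key, still sufficient to join the network
        else:
            kind = "unrecognised"
        findings.append((number, kind))
    return findings

# Constructed sample: two network blocks that hold the same credential in both forms.
SAMPLE_CONF = """
network={
    ssid="IEEE"
    psk="password"
}
network={
    ssid="IEEE"
    psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
}
"""

if __name__ == "__main__":
    print(derive_psk("password", "IEEE"))
    for number, kind in classify_psk_lines(SAMPLE_CONF):
        print(f"line {number}: {kind} (password-equivalent for this SSID)")
```

Because the SSID is the salt, the hex value only limits exposure to that one network name; it does nothing for file confidentiality, which still depends on the permissions of the config file.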


