Wifi password shown in human readable text in /etc/wpa_supplicant/wpa_supplicant.conf?

smooth_buddha

On my Raspberry Pi 4 I was shocked to find that my wifi password was stored in
/etc/wpa_supplicant/wpa_supplicant.conf

in a human readable format! I was surprised it wasn’t encrypted like the system user passwords in the shadow file.
Am I missing something here? Does anybody know why it’s been set up this way? I know it’s a small risk, but it means if anybody has access to your computer and happens to know how to cat or read wpa_supplicant.conf, then they could easily obtain your wifi password to your whole network.
I know this is highly unlikely, but still I’m surprised it was set up to show the wifi password in human readable format.
 


kibasnowpaw

This is what I have read: "Storing passwords in wpa_supplicant.conf is not really a security risk, as the file is only readable by root." So as long as people don't have root access to your Pi 4, that shouldn't be a problem.
 


NorthWest

smooth_buddha wrote:
On my Raspberry Pi 4 I was shocked to find that my wifi password was stored in
/etc/wpa_supplicant/wpa_supplicant.conf

in a human readable format! I was surprised it wasn’t encrypted like the system user passwords in the shadow file.
Am I missing something here?
Not being familiar with Raspberry Pi at all: in Debian, if the wpa_supplicant.conf file is created by using the command wpa_passphrase, then I can delete the unencrypted password in wpa_supplicant.conf, since that command creates the encrypted passphrase, which is created on its own line. So the command:
Code:
wpa_passphrase NetworkProvider PassWord > /etc/wpa_supplicant/wpa_supplicant.conf
produces something like:
Code:
network={
        ssid="NetworkProvider"
        #psk="PassWord"
        psk=b50d874221b48598127a65a69bac12f695c2
}
The commented line with the unencrypted password can be deleted, since it's the psk=b... that is used as the password in the network configuration file: /etc/network/interfaces. Could be the same for Raspberry Pi since it's Debian based.
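As an added example (not part of the original post or thread), this Python sketch reproduces the derivation wpa_passphrase performs, PBKDF2-HMAC-SHA1 with the SSID as salt, and audits a config body for leftover plaintext passphrases and loose file permissions. The function names and the sample config are constructed for illustration; the IEEE/password pair is the IEEE 802.11i test vector.

```python
import hashlib
import re
import stat

def derive_psk(ssid: str, passphrase: str) -> str:
    """Hex PSK as wpa_passphrase computes it:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()

def audit_conf(text: str, mode: int) -> list[str]:
    """Return findings for a wpa_supplicant.conf body and its st_mode."""
    findings = []
    # The hex PSK is derived, not encrypted: it is enough on its own to join
    # that SSID, so the file must stay unreadable to non-root users either way.
    if stat.S_IMODE(mode) & 0o077:
        findings.append("file readable/writable by group or others (want 0600)")
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if re.match(r'#\s*psk="', s):
            findings.append(f"line {n}: plaintext passphrase left in a comment")
        elif s.startswith('psk="'):
            findings.append(f"line {n}: passphrase stored in plaintext")
    return findings

# Constructed sample: SSID/passphrase pair from the IEEE 802.11i test vectors.
SAMPLE_CONF = f'''network={{
        ssid="IEEE"
        #psk="password"
        psk={derive_psk("IEEE", "password")}
}}
'''

if __name__ == "__main__":
    print(SAMPLE_CONF)
    for finding in audit_conf(SAMPLE_CONF, 0o100644):
        print("FINDING:", finding)
```

To audit a real file, pass its contents and `os.stat(path).st_mode` to `audit_conf`; reading it normally requires root.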
 

tinfoil-hat

smooth_buddha wrote:
On my Raspberry Pi 4 I was shocked to find that my wifi password was stored in
/etc/wpa_supplicant/wpa_supplicant.conf

in a human readable format! I was surprised it wasn’t encrypted like the system user passwords in the shadow file.
Am I missing something here? Does anybody know why it’s been set up this way? I know it’s a small risk, but it means if anybody has access to your computer and happens to know how to cat or read wpa_supplicant.conf, then they could easily obtain your wifi password to your whole network.
I know this is highly unlikely, but still I’m surprised it was set up to show the wifi password in human readable format.
Back in my school time we got Linux laptops, and because of this behaviour I was able to get the school's wifi password. After this I was the cool kid at the schoolyard :)
 