Wifi password shown in human readable text in /etc/wpa_supplicant/wpa_supplicant.conf?

smooth_buddha

On my Raspberry Pi 4 I was shocked to find that my wifi password was stored in
/etc/wpa_supplicant/wpa_supplicant.conf

in a human readable format! I was surprised it wasn’t encrypted like the system user passwords in the shadow file.
Am I missing something here? Does anybody know why it’s been set up this way? I know it’s a small risk, but it means that if anybody has access to your computer, and happens to know how to cat or read wpa_supplicant.conf, then they could easily obtain your wifi password to your whole network.
I know this is highly unlikely, but still I’m surprised it was set up to show the wifi password in human readable format.
 


This is what I have read: "Storing passwords in wpa_supplicant.conf is not really a security risk, as the file is only readable by root." So as long as people don't have root access to your Pi 4, then that shouldn't be a problem.
 
smooth_buddha wrote:
On my Raspberry Pi 4 I was shocked to find that my wifi password was stored in
/etc/wpa_supplicant/wpa_supplicant.conf

in a human readable format! I was surprised it wasn’t encrypted like the system user passwords in the shadow file.
Am I missing something here?
Not being familiar with Raspberry Pi at all: in Debian, if the wpa_supplicant.conf file is created by using the command wpa_passphrase, then I can delete the unencrypted password in wpa_supplicant.conf, since that command creates the encrypted passphrase, which is created on its own line. So the command:
Code:
wpa_passphrase NetworkProvider PassWord > /etc/wpa_supplicant/wpa_supplicant.conf
produces something like:
Code:
network={
        ssid="NetworkProvider"
        #psk="PassWord"
        psk=b50d874221b48598127a65a69bac12f695c2
}
The commented line with the unencrypted password can be deleted since it's the psk=b... that is used as the password in the network configuration file: /etc/network/interfaces. Could be the same for raspberry pi since it's debian based.
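The conversion discussed in the reply above, as an added example that is not part of the original thread: wpa_passphrase derives the hex psk with PBKDF2-HMAC-SHA1, using the SSID as salt, 4096 iterations and a 32-byte output, and this sketch applies that to a config so that no quoted or commented passphrase remains. The function names and the sample network are assumptions made for illustration.

```python
import hashlib
import re

def derive_psk(ssid: str, passphrase: str) -> str:
    """256-bit PSK as wpa_passphrase computes it: PBKDF2-HMAC-SHA1,
    SSID as salt, 4096 iterations (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

SSID_RE = re.compile(r'^\s*ssid="(.*)"\s*$')
PLAIN_PSK_RE = re.compile(r'^(\s*)psk="(.*)"\s*$')
COMMENTED_PSK_RE = re.compile(r'^\s*#\s*psk=')

def harden_conf(text: str):
    """Return (new_text, findings). A quoted psk= value is replaced by the
    derived hex PSK of the enclosing network block; '#psk=' comments left
    behind by wpa_passphrase are dropped."""
    out, findings, ssid = [], [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip().startswith("network={"):
            ssid = None                      # new block, forget previous SSID
        m = SSID_RE.match(line)
        if m:
            ssid = m.group(1)
        if COMMENTED_PSK_RE.match(line):
            findings.append((n, "commented plaintext passphrase"))
            continue                         # drop the comment line
        m = PLAIN_PSK_RE.match(line)
        if m and ssid is not None:           # needs ssid= earlier in the block
            findings.append((n, "plaintext passphrase"))
            line = f"{m.group(1)}psk={derive_psk(ssid, m.group(2))}"
        out.append(line)
    return "\n".join(out) + "\n", findings

# Constructed sample input (not a real network).
SAMPLE = '''network={
    ssid="IEEE"
    #psk="password"
    psk="password"
}
'''

if __name__ == "__main__":
    new_text, findings = harden_conf(SAMPLE)
    print(findings)
    print(new_text)
```

The 64-hex psk= value is the key wpa_supplicant actually uses for that SSID, so removing the plaintext line hides the human-memorable passphrase but the file should stay readable by root only.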
 
Back in my school days we got Linux laptops, and because of this behaviour I was able to get the school's wifi password. After this I was the cool kid in the schoolyard :)
 
LOL Laptops hadn't even begun to be invented when I was in school.
 

