3

I have an application that generates the /etc/network/interfaces file for connecting to the users wifi network. This application uses wpa_passphrase to generate the psk, which is then copied into the interfaces file.

is exposing the psk in /etc/network/interfaces a security risk?

For example: (the passphrase in this case is asdfASDF123)

auto wlan0
iface wlan0 inet dhcp
wpa-ssid homeWifi
wpa-psk f4a4c36b738fd7340d0959e307dd76f05a9c5da5801a5f1ba08a5b2fafdfc067
monzie
  • 133
  • 2
  • I just learned that NetworkManager stores the unencrypted password in /etc/NetworkManager/system-connections/ so there is no additional security risk storing it in interfaces. – monzie Oct 15 '13 at 13:36

2 Answers2

1

Yes, but as always there is a trade-off between security and convenience. If you don't want the user to have to type the passphrase every time, then you have to store the PSK on the machine somewhere.

Graham Hill
  • 15,594
  • 38
  • 63
0

Anybody who can read the file where the PSK is, can use it to himself connect to the WiFi. This is a security risk only insofar as people who can read the file may not necessarily be allowed to connect to the WiFi. Otherwise, this is rather a non-issue.

Be aware that "people who can read the file" includes "people who can steal an old backup tape or retrieve a discarded hard disk from the garbage bin".

Tom Leek
  • 172,594
  • 29
  • 349
  • 481
  • So there is no point in using wpa_passphrase? ie. the interfaces file could just as well contain the passphrase in clear text? – monzie Oct 15 '13 at 13:26