Linux Distributions Storing Wi-Fi Passwords In Plain Text

Bill Dimm writes "An article on Softpedia claims that Linux distributions using NetworkManager are storing Wi-Fi passwords in plain text in /etc by default. The article recommends encrypting the full disk or removing NetworkManager and using a different tool like netctl. Some of the article comments claim the article is FUD. Is this a real problem?"

KNetworkManager

[chill]

Simple. Stop using Gnome shit.

How can I store passphrases associated with encrypted wireless networks?
The first time KNetworkManager is used, it will try to set up the KDE Wallet (encrypted password storage) to save wireless network passphrases and other passwords. If you choose not to use KWallet, KNetworkManager will store passwords in its configuration files, only readable by the logged in user.

http://old-en.opensuse.org/Projects/KNetworkManager#Wireless_LAN

Re:KNetworkManager

Are you stupid? NetworkManager is the same underlying component. It will also store passwords in plain text for _system_ connections, where KWallet is unavailable (it is only available after graphical login).

This is a non-story. Every other operating system not only does exactly the same, they are forced to do the same. Because there is no other way unless you want your Wi-Fi to be offline until you login, and if you do, well, then this problem is not present because NetworkManager will use KWallet OR gnome-wallet, depending on the session you opened.

The author basically manually checked the "I want to make this connection available to other users" checkbox and then is surprised when the connection is actually made available to other users. Stupidity, plain and simple.

Re:KNetworkManager

[TheCarp]

I mostly agree, especially about it being a non-story.

Part of the issue, I think, is conflating a wifi password with other passwords. A wifi password has several properties that set it apart from others.

For one thing, it is usually shared between devices, even ones used by different people (lets ignore advanced schemes, if you are setting up some manner of authentication none of this applies).

Secondly, it is only useful within a small geographic location. A website or email password can be used by someone half the world away. A wifi password is only useful within range of your particular access point.

Thirdly, the exposure is mostly limited. While its true that someone could drive up to your AP and start transmitting child porn, and that could lead to some serious consequences; the real abuses here are only attractive to a limited audience and not something generally useful or generally financially useful.... it doesn't give them access to your accounts, even your email downloads are likely encrypted to him.

Overall, exploiting this is more work than it is worth much of the time, and if it wasn't, it isn't like it is impossible to add more controls. If you really are paranoid, you can always drop wifi devices onto their own segment that can only talk to a VPN endpoint....shit then you can run the wifi passwordless and use the VPN for protection.

In any case, this is 99.9% a non-issue.

Re:KNetworkManager

[deviated_prevert]

It is not important that the directory /etc is not visible without root over a network connection! What is important is that most people who read this article will now claim that core Linux network managers are insecure,,,LOL

OF course if you enable remote access to any OS as root then all bets are off. You either make damn sure that whoever has access is trusted or you are stupid, Lets not cloud the article with inconvenient facts like network access to a box as root is not enabled by default and anyone who enables it by default unless they are absolutely stupid or the connection is encrypted and otherwise network secure deserves to get hosed.

Getting in the habit of not having to have root all the time is the strength of Linux and is why Windows sucks dead horse balls as an unprivileged user under Windows gets plastered with requests for the system password all the time. Whereas most Linux distros have software access privileges set in a sensible way WHICH DOES NOT INCLUDE THE ABILITY TO READ AND WRITE TO PLACES LIKE /usr /etc /var unless you are installing software and people who write software for Linux do not expect to write configurations anywhere except in the home user after an install. If someone writes a program which will send password data from /etc to a honeypot and that program is popular because it makes fart noises or plays poker on the net then as far as I am concerned the users got what the deserve. Same as Windows users that install garbage ware at the drop of a hat so that they can do something like play poker on the net from places like gamerareus.ru or happy_nice_pussgames.ru or bollywoodsy_games_freesongs.in ...as one of my friends seems to have a habit of doing so that he can play games on his WINDOWS laptop.

THIS WHOLE FREAKING ARTICLE IS MORE BULLSHIT AND FUD to amuse the crowd who come to slashdot to bash away at Linux most of whom do not even know wtf /etc is in the first place!

If a person that has root wants to enable a login by a passphrase at boot they can or with any linux distro they can choose to only enable network login after a user login EITHER WAY IS SECURE because the place where the passphrase is stored is invisible to the network, unless like I said remote login via root is enabled. Again it comes down to trust, you either trust the user or you do not plain and simple.

THE ONLY REASON YOU CAN TRUST OSS ON LINUX is because you can see the source and there is nowhere for malware to hide. Anyone that writes and compiles a binary for Linux then does not allow access to the source is on the same level of trust as those who write software for Windows. IT ALL COMES DOWN TO TRUST. Be very suspicious of any software for Linux that requires /root r+w after install. Gnome 2 network manager was flakey and thank heavens they fixed it in Gnome 3 the fact that it wrote network passphrases to a file in /etc was not a security issue unless someone wrote a piece of spyware to discover them and linux users were stupid enough to run it as root. Something which no one here seems to think has actually occurred. If someone argues this then point out the actual malware that Linux users were hosed by...eof and end of story.

From a comment there

While it is true that the passwords are stored as plain text, in order to view the "plain text" one must have root privileges to view the text file.

  I would venture to state that "if" one's system is open enough (a stranger has root privileges) for some unwanted person to view that text file, then one has much more to worry about than the fact that one's wifi password is not encrypted.

  Also, to fix it, one must disable the "Available to All Users" option... thus requiring one to enter one's password for wifi on every login... which is annoying to say the least.

  Personally, I think the issue is pretty much a mountain out of a molehill... because, and again, if to view it, you have to be root, then the whole system is vulnerable and not just the wifi password.

Which completely ignores security vulnerabilities in Linux, as many advocates do. Still, the relevant point is that for someone to steal your wifi password this way, they're already in position to do much worse.

Re:From a comment there

[gweihir]

No, it does not. Have you actually read the part "" one's system is open enough (a stranger has root privileges) for some unwanted person to view that text file, then one has much more to worry about than the fact that one's wifi password is not encrypted."? Apparently not. As the password has to be available in plain at the authentication time, this nicely sums up, why the password storage is not a problem. But to understand that, you would actually need to have a minimal clue what you are talking about...

Re:FUD

[sideslash]

It's anti-Linux [...] -Stallman fan

Fraudster! You didn't put GNU/Linux.

FUD, I am a fraid

[gweihir]

Generally, storing passwords on the verifying machine in plain is a really bad idea. This is not the verifying machine. On the supplying machine, you usually do not have a choice but allow access to the plain-text password, how else would it be supplied? Hence, while you can store it encrypted, that encryption must either be automatically reversible (making it pointless) or protected by an additional password the user enters each time (making the storing pointless).

So, no, these people crying "insecure" do not understand what they are talking about and do not know that either (Dunning-Kruger Effect at work). This particular kind of incompetence has seen an increase with the Snowden-relevations, where people with no clue about IT security, risk evaluation or crypto do "pattern matching" with a list of "bad" things in crypto, like "password stored in plain", "SHA1" and then claim insecurity when the keywords turn up in something. They are basically always wrong, because they do not even begin to understand the specific use of the mechanism. Typically the do not even have beginner-level knowledge, like these cretins here. Otherwise they would have understood that Wi-Fi does not do a challenge response authentication with a shared secret, but a plain, one-way password submission. For these, the password does need to be available in plain or things cannot work. Instead, these idiots cry "insecure".

The only possible other explanation I have is that these people are NSA shills that try to confuse the issue.

Re:It's true -- but only root can read them though

[Grishnakh]

If someone has physical access to your drive, you have much, much worse problems than someone sniffing your WiFi traffic. To do this, someone has trespassed into your house. I'm much more concerned with strangers stomping around my living room than I am about someone sniffing my WiFi traffic.