From nobody Sun Jan 12 17:06:28 2025 X-Original-To: freebsd-desktop@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YWMHl0lLxz5kySB; Sun, 12 Jan 2025 17:06:43 +0000 (UTC) (envelope-from freebsd@ny-central.org) Received: from mail2.ny-central.com (mail2.ny-central.com [173.212.246.2]) by mx1.freebsd.org (Postfix) with ESMTP id 4YWMHk6xS9z42LQ; Sun, 12 Jan 2025 17:06:42 +0000 (UTC) (envelope-from freebsd@ny-central.org) Authentication-Results: mx1.freebsd.org; none X-Virus-Scanned: amavisd-new at ny-central.com DKIM-Filter: OpenDKIM Filter v2.10.3 mail2.ny-central.com D47CA1AF28F DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ny-central.org; s=202405; t=1736701601; bh=ozPNqje+QC2mjx9hA4UCuEuH3a2i/5xSMYZw70ZCuhw=; h=Date:From:To:cc:Subject:In-Reply-To:References; z=Date:=20Sun,=2012=20Jan=202025=2018:06:28=20+0100=20(CET)|From:=2 0Chris=20Moerz=20|To:=20Graham=20Perrin=20 |cc:=20freebsd-desktop@freebsd.org,=20free bsd-enterprisewg@freebsd.org|Subject:=20Re:=20[EWG]=20[LDWG]=20[FB SD_LDWG]=20(272902)=20Laptop=20Project:=20Wi-Fi=0D=0A=20privacy/se curity:=20clear-text=20passwords=20for=20WPA-EAP=20e.g.=20eduroam| In-Reply-To:=20|Re ferences:=20<07e6179b-00de-4eeb-8282-527b477fdccc@gmail.com>=20= 20; b=dgKTmutqW4l8YYb7FzxCYLRXEyjRPtTinvBE4k90X/3Af3oKahswHUx3QaOV2IxOH ugqu8lifHyy/FxTQIrDEZtMhpKfkHzWAPzY0X4KDkClMGAb9qatVFShzTy0tyEkKrJ 4FXR2IM+H1rwjTzc55p9K940J187WxR4Qp8jADCiGrMJ5N7WjjKSIUFoXwRL7t0rjw 1+AsV5QeQV2bdjjoQ83kSH7tIJxYH1RkoG5c9MxKItsruqmymUpWwu15TZZmH8C5Tr v5ubrhNg9pct+ApSP8nsa7AXW9vG0CkymD/sNA+pjkeYZi9+xfSAoEkfRBtJ77pACX JWPGx92CLmSDMD6qyfqxYxyFCM+Y1AVZy6/IC075NYxQCYF/Ua44997VTDFwTMrtU4 vwskCZrkLL4p7JaGwkSNG6IQYJpaTufRju2yLleE05FTjCVZ9i8gwJc1xcjvCU5Yd1 SxKx91t5KqwQHASDzMmJqrSbuQsIKVncvXK/sGTVyG7CbLCih4ZnsnxMksJrrE0ARk o134J5rsN2trMg7SOQcrgElV6UvLBYIubkUZyR8CVrQQVdnwBXswyPZe9bLph2NiEs HyH2SI8wee/8pWtxAjuljtI2tKw9cMy9FPfUcFWqDi7yEwFxA4328t2XL58jQS6ZPM p3RlRflP299y5fDHAbVk+vTc= Received: from tenforward.ny-central.local (unknown [192.168.11.104]) by mail2.ny-central.com (Postfix) with ESMTPSA id D47CA1AF28F; Sun, 12 Jan 2025 18:06:29 +0100 (CET) Date: Sun, 12 Jan 2025 18:06:28 +0100 (CET) From: Chris Moerz To: Graham Perrin cc: freebsd-desktop@freebsd.org, freebsd-enterprisewg@freebsd.org Subject: Re: [EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam In-Reply-To: Message-ID: References: <07e6179b-00de-4eeb-8282-527b477fdccc@gmail.com> List-Id: Using and improving FreeBSD on the desktop List-Archive: https://lists.freebsd.org/archives/freebsd-desktop List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-desktop@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=4.0.1 X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on mail2.ny-central.com X-Rspamd-Queue-Id: 4YWMHk6xS9z42LQ X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:51167, ipnet:173.212.240.0/21, country:DE] On Sun, 12 Jan 2025, Graham Perrin wrote: > On 11/01/2025 23:47, Tomek CEDRO wrote: > > > https://man.freebsd.org/cgi/man.cgi?wpa_passphrase ? :-) > > a PSK is not > applicable in wpa_gui. > What would be the expected behavior/implementation in this case? I believe with regular WPA2, one can simply store the hash value instead of the password. I suspect that's what we would like to get for eduroam (TLS-EAP) too? Supposedly, this should generate a hash value that represents the password but we would likely have to update our stack to support this? echo -n password_here | iconv -t utf16le | openssl md4 (source: https://bbs.archlinux.org/viewtopic.php?id=144471) Alternatively, one could encrypt the password, but then we'd need to enter a password for decryption every time we want to read in the conf. chris