Re: [EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam

In reply to: Graham Perrin : "[EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Dave Cottlehuber <dch_at_skunkwerks.at>
Date: Sat, 11 Jan 2025 21:02:31 UTC

On Sat, 11 Jan 2025, at 17:14, Graham Perrin wrote:
> I'd like the Foundation to have an issue (story) for this in its Laptop 
> Project, <https://github.com/orgs/FreeBSDFoundation/projects/1/>.
>
> In 
> <https://man.freebsd.org/cgi/man.cgi?query=wpa_supplicant.conf&sektion=5&manpath=freebsd-release> 
> for wpa_supplicant.conf(5), the example for eduroam uses a clear text 
> password.
>
> I'm not aware of a method to have the password saved without clear text.

It looks like it’s supported since a while.

https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

# mem_only
_psk
: Whether to keep PSK/passphrase only in memory
# 0 = allow psk/passphrase to be stored to the configuration file
# 1 = do not store psk/passphrase to the configuration file
#mem_only
_psk
=0

See if https://www.freshports.org/net/wpa_gui/ helps make this a bit easier, or if wpa_cli is available maybe this can be lightly scripted.

Dave