From nobody Sat Jan 11 21:02:31 2025 X-Original-To: freebsd-enterprisewg@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YVrZj5bf9z5jmF9; Sat, 11 Jan 2025 21:02:53 +0000 (UTC) (envelope-from dch@skunkwerks.at) Received: from fout-b2-smtp.messagingengine.com (fout-b2-smtp.messagingengine.com [202.12.124.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4YVrZj1xjlz4KDC; Sat, 11 Jan 2025 21:02:53 +0000 (UTC) (envelope-from dch@skunkwerks.at) Authentication-Results: mx1.freebsd.org; none Received: from phl-compute-02.internal (phl-compute-02.phl.internal [10.202.2.42]) by mailfout.stl.internal (Postfix) with ESMTP id DF37B1140123; Sat, 11 Jan 2025 16:02:51 -0500 (EST) Received: from phl-imap-02 ([10.202.2.81]) by phl-compute-02.internal (MEProxy); Sat, 11 Jan 2025 16:02:51 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1736629371; x=1736715771; bh=Y0hl1zrU0zA1bAMxP8wR/PFTXHv8v5sr0qx2l/twsKY=; b= AHaxrRNXgor1Sdof/vgbPm3KDtTyaw3K1fxAlZ9NgcCeRgzVinLpn1+Y0Crqx3FY sAN65Ko1SG9xAtEbszndPYPUsqwIusjd+Zy1BuHyxIKSBUYXrxFh5VZDRuKDsCQG xk0FpxTKMlMjBDFAiJgGIKZGbK1VtXslKbHfsJe4Yl7iwaA+dxWkoJOl4j1I20Xa D6e7lH5eDndB5TS4YMfOrNWkHJk7ekr+JOJBfcByaGgh+O2D70O1kr8fyf9lp6qC EeKS2XbEzo6XIWAUSksK5cvAiakDPvNjvJ2n5sNVo+B+xHh0WC/oJ1CgNNLN894j 4FrDjRvlljFYDHDZlblwnQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1736629371; x=1736715771; bh=Y 0hl1zrU0zA1bAMxP8wR/PFTXHv8v5sr0qx2l/twsKY=; b=lwE69YBF0NTfoTdXK fzb18Crgqe8viync/pJJJcmMQfM3GLPqFTEwb3LmgOuTwqBExGvW2s+fwvD4RJ4Q fRSoCCYnqamgLvVtsZojq0+M2GGsp/r3ebCY7bv2aEhFCYXPto8lJRlS2J7+azTX bbX9X0WBY4IEJeE98tLhGoZPfj4roXwMVqU5f97nK1zH4NtVRx+lJpAzNBIXLsVL frJJZit+OEsQUeiXsD83kXFay4eLW20Z2MflrhSMAB1tnc9wT3VPZ6k8LbXQH4IR 1DEY+rKcAovMaoBAN9XPHZJdLSKq/6fLlYzgSaT0IiQpWgsPlWrsZWVFGu0du7Io AVQtw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudehtddgudegtdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefoggffhffvkfgjfhfutgfgsehtqhertdertdej necuhfhrohhmpedfffgrvhgvucevohhtthhlvghhuhgsvghrfdcuoegutghhsehskhhunh hkfigvrhhkshdrrghtqeenucggtffrrghtthgvrhhnpefgtdfhtefffeekuefhteefhfet tdffueekgfefgffhfeeuudeiieeluddtgfeutdenucffohhmrghinhepghhithhhuhgsrd gtohhmpdhfrhgvvggsshgurdhorhhgpdifuddrfhhipdhfrhgvshhhphhorhhtshdrohhr ghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegutg hhsehskhhunhhkfigvrhhkshdrrghtpdhnsggprhgtphhtthhopeefpdhmohguvgepshhm thhpohhuthdprhgtphhtthhopehfrhgvvggsshguqdguvghskhhtohhpsehfrhgvvggssh gurdhorhhgpdhrtghpthhtohepfhhrvggvsghsugdqvghnthgvrhhprhhishgvfihgsehf rhgvvggsshgurdhorhhgpdhrtghpthhtohepghhrrghhrghmphgvrhhrihhnsehgmhgrih hlrdgtohhm X-ME-Proxy: Feedback-ID: ic0e84090:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 56BC5B0006A; Sat, 11 Jan 2025 16:02:51 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface List-Id: FreeBSD as a general-purpose enterprise server List-Archive: https://lists.freebsd.org/archives/freebsd-enterprisewg List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-enterprisewg@freebsd.org Sender: owner-freebsd-enterprisewg@FreeBSD.org MIME-Version: 1.0 Date: Sat, 11 Jan 2025 22:02:31 +0100 From: "Dave Cottlehuber" To: "Graham Perrin" , freebsd-desktop@freebsd.org, freebsd-enterprisewg@freebsd.org Message-Id: In-Reply-To: <07e6179b-00de-4eeb-8282-527b477fdccc@gmail.com> References: <07e6179b-00de-4eeb-8282-527b477fdccc@gmail.com> Subject: Re: [EWG] [LDWG] [FBSD_LDWG] (272902) Laptop Project: Wi-Fi privacy/security: clear-text passwords for WPA-EAP e.g. eduroam Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4YVrZj1xjlz4KDC X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] On Sat, 11 Jan 2025, at 17:14, Graham Perrin wrote: > I'd like the Foundation to have an issue (story) for this in its Lapto= p=20 > Project, . > > In=20 > =20 > for wpa_supplicant.conf(5), the example for eduroam uses a clear text=20 > password. > > I'm not aware of a method to have the password saved without clear tex= t. It looks like it=E2=80=99s supported since a while. https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf # mem_only _psk : Whether to keep PSK/passphrase only in memory # 0 =3D allow psk/passphrase to be stored to the configuration file # 1 =3D do not store psk/passphrase to the configuration file #mem_only _psk =3D0 See if https://www.freshports.org/net/wpa_gui/ helps make this a bit eas= ier, or if wpa_cli is available maybe this can be lightly scripted. Dave