[kwlug-disc] Prompting for passwords in wicd

Nick Guenther nguenthe at uwaterloo.ca
Wed Aug 23 19:03:08 EDT 2017



On 18 August 2017 02:52:36 EDT, Paul Nijjar via kwlug-disc <kwlug-disc at kwlug.org> wrote:
>
>I am trying to configure my laptop to use the "eduroam" network at UW.
>My network manager is wicd. From what I can tell eduroam uses WPA2
>Enterprise, which uses a central authenticator for granting network
>access.

Yep. It's super handy. And it's global! I use it at UQAM and McGill just fine all the time.

Make sure to get the fiddly settings (EAP, phase2, the certificate authority) right.

>
>Here's the problem: the authentication password for the network is my
>WatIAM password, which is one of the most valuable passwords I have at
>UW: it can be used to read my email, reset passwords on other systems,
>forward my email, authenticate against many websites, etc. The last
>thing I want to do is store this password in plaintext. But wicd
>creates a credentials file (/etc/wicd/wireless-settings.conf on my
>system) which does exactly that. Yes, the file is protected with
>permissions, but that is not good enough to make me sleep easy at
>night.
>
>Can I configure wicd to prompt me for the password when it needs it
>instead of storing it in a plaintext file?
>
>How is this not insane?

Hi Paul!

I've never figured this out. I've wanted to for a while, and your question prompted me to go digging.

The CSC wiki turned out to have the answer! You can pre-hash your password:

https://wiki.csclub.uwaterloo.ca/Wireless

password=hash:$(echo -n "password" | iconv -t utf16le | openssl md4)

I dunno if that md4 is necessary; isn't that reversible these days? You would hope it could be upgraded to sha256... Tell us if you try that and it works.

Android also stores your WiFi passwords in plaintext, at /data/misc/wifi/wpa_supplicant.conf, albeit protected with root permissions.
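
The pre-hashing step from the message above, as an added example (not code from the original post or from the CSC wiki): it prompts for the password with getpass, so the cleartext does not end up in shell history or a process listing the way `echo -n "password"` can, and computes MD4 over the UTF-16LE encoding in pure Python because hashlib's md4 is not available on every OpenSSL build. The function names `md4`, `nt_hash` and `wpa_password_line` are hypothetical.

```python
import getpass
import struct

MASK = 0xFFFFFFFF
SHIFTS = ((3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15))
ADD = (0, 0x5A827999, 0x6ED9EBA1)            # per-round additive constants
ORDER3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)


def _rol(v, s):
    return ((v << s) | (v >> (32 - s))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 digest (RFC 1320), implemented here without OpenSSL."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)   # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            rnd = i // 16
            if rnd == 0:                      # F, words in natural order
                f, k = (b & c) | (~b & d), i
            elif rnd == 1:                    # G, words 0,4,8,12,1,5,...
                f, k = (b & c) | (b & d) | (c & d), (i % 4) * 4 + (i % 16) // 4
            else:                             # H, words in ORDER3
                f, k = b ^ c ^ d, ORDER3[i % 16]
            t = (a + f + x[k] + ADD[rnd]) & MASK
            a, b, c, d = d, _rol(t, SHIFTS[rnd][i % 4]), b, c
        state = [(p + q) & MASK for p, q in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """MD4 over the UTF-16LE password, as the iconv | openssl pipeline does."""
    return md4(password.encode("utf-16-le")).hex()


def wpa_password_line(password: str) -> str:
    """Config line in the password=hash:<32 hex digits> form."""
    return "password=hash:" + nt_hash(password)


if __name__ == "__main__":
    # Prompt without echo; the password never appears in argv or history.
    print(wpa_password_line(getpass.getpass("Network password: ")))
```

wpa_supplicant accepts the hash: form only for MSCHAP and MSCHAPv2 based methods, and the hash alone is sufficient to authenticate there, so the settings file still needs restrictive permissions.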



