On 16/08/2015 06:53, Steve Litt wrote:
The toughest part is how to store the passwords in a way that isn't a security problem.
Unfortunately, /etc/wpa_supplicant.conf doesn't have an include feature (which is strange, because hostapd supports a wpa_psk_file option). So you have to store the passwords (or the equivalent binary PSKs) in the configuration file, and make this file readable only from root - which means you need a small suid root binary to write the whole configuration file. Password security isn't a problem that you can fix at the interface level, it's something that must be tightly integrated with the tool that uses the password - and there's no doubt wpa_supplicant could do better here. -- Laurent _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
