03-17-2025, 12:21 PM
(03-17-2025, 07:25 AM)the_bertrum Wrote: (03-16-2025, 12:40 PM)TheOldPresbyope Wrote: Only root can read/write the NetworkManager connection profiles.
The insecurity issue here is that moOde’s default user is a “sudoer”. Keep your login credentials safe, just as you should for any computer connected to a network.
Regards,
Kent
Yeah, that's the bit I find disturbing. Fair enough that just knowing the password won't let you decrypt in-flight traffic, but it does allow you to connect to the network as if you had every right to be there.
Well, I don't have WPA3 and won't be upgrading any time soon, so it's academic really.
Since WPA3-SAE requires a plaintext password instead of a one-way hash like WPA-PSK, it is impossible to store it securely, because to do so requires that the plaintext can't be recovered, i.e., it has to be converted to a one-way hash.
One thing that could be done is to never display the password for WPA-SAE. It would always need to be entered when saving the Network Config form. This at least keeps it out of easy browser console inspection. Someone would then need to know the logon password for the Pi in order to view it, which, like knowing the password for any OS, gives you access to lots of things.
There may be other approaches.
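The storage difference discussed in this thread, as an added example that is not part of the original posts or of moOde's code: a small auditor that reads a NetworkManager keyfile-style profile and reports whether the Wi-Fi secret is a recoverable passphrase or a derived 64-hex key. The profile layout (`[wifi]` `ssid`, `[wifi-security]` `key-mgmt` and `psk`), the function names and the sample profiles are assumptions constructed for illustration.

```python
import configparser
import hashlib
import re

HEX_PSK = re.compile(r"[0-9a-fA-F]{64}")  # a derived key is 32 bytes, shown as 64 hex chars

def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

def audit_profile(text: str) -> dict:
    """Report how a keyfile-style profile stores its Wi-Fi secret (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' may occur in passphrases
    cp.read_string(text)
    ssid = cp.get("wifi", "ssid", fallback="")
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback="none")
    psk = cp.get("wifi-security", "psk", fallback=None)
    result = {"ssid": ssid, "key_mgmt": key_mgmt, "storage": "none", "replacement": None}
    if psk is None:
        return result
    if key_mgmt == "wpa-psk" and HEX_PSK.fullmatch(psk):
        result["storage"] = "derived-key"      # passphrase is not recoverable from this
    else:
        result["storage"] = "plaintext"
        if key_mgmt == "wpa-psk":              # only WPA-PSK can use the derived form
            result["replacement"] = derive_psk(psk, ssid)
    return result

# Constructed sample profiles (not taken from any real system).
WPA2_PROFILE = """
[wifi]
ssid=IEEE

[wifi-security]
key-mgmt=wpa-psk
psk=password
"""

SAE_PROFILE = """
[wifi]
ssid=IEEE

[wifi-security]
key-mgmt=sae
psk=password
"""

if __name__ == "__main__":
    for profile in (WPA2_PROFILE, SAE_PROFILE):
        print(audit_profile(profile))
```

The derived key hides the passphrase but is still sufficient to join that SSID, so the profile stays as sensitive as before; for `key-mgmt=sae` there is no derived form to substitute.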