[Freedombox-discuss] Unencrypted passwords

Nick Daly nick.m.daly at gmail.com
Tue Dec 31 18:32:05 UTC 2013


Sandy Harris <sandyinchina at gmail.com> writes:

> (from Slashdot) A claim that various distros store wifi passwords
> unencrypted. Does this affect us?
>
> http://news.softpedia.com/news/All-Linux-Distributions-Store-Wi-Fi-Passwords-in-Plain-Text-If-You-Don-t-Use-Encryption-412387.shtml

As far as I can tell, this specific case (though not the concept) is
irrelevant to the FreedomBox server.  The article discusses storing
unencrypted wireless passwords on the hard-drive of the client device.
This article is saying that:

"If someone has physical access to your laptop, they'll probably be able
to read the passwords that you use to connect to wireless networks."

The article's talking about wireless network clients, but the same could
apply to the server: someone reading the server's hard-drive could
probably read the wireless password and compromise the wireless network
that way.

If a human attacker (or some malware) has physical access to your
device, someone reading the wireless passwords is probably the least of
your concerns.  That's an issue for both clients and servers.
Encrypting the hard-drive will delay those sorts of attacks when the
data are at rest, but that won't actually protect against malware
reading the data when the device is running (the encrypted data must be
decrypted to be used).

So:

1. Only people you trust should touch your devices.

2. Malware is a nasty class of trouble that's easier to prevent than it
   is to correct.  It's funny to think of a Live CD as malware.

Nick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20131231/e7d1b1c0/attachment.sig>


More information about the Freedombox-discuss mailing list