The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Thanks for the hint. We will use it.
Tomasz


W dniu 2017-03-16 o 12:49, Ondřej Caletka pisze:
> Hi,
>
> I just tried using CAT for my Linux system which does not use Network
> Manager. Everything worked all right, except I have been warned that my
> password will be clearly visible in wpa_supplicant.conf.
>
> I would like to point out that it is not necessary, at least not with
> MSCHAPv2. WPA supplicant will happily accept NTLM hash of the password
> specified as password=hash:<NTLM hash>
>
> NTLM hash can be obtained for instance by this shell pipeline[1]:
>
>     $ echo -n plaintext_password_here | iconv -t utf16le | openssl md4
>
> or this Python one-liner[2]:
>
>     $ python -c 'import getpass,hashlib;
> print(hashlib.new("md4",getpass.getpass().encode("utf-16le")).hexdigest())'
>
> Of course, there's no real security in using hash instead of password
> but at least such hash is much more harder to remember for instance when
> wpa_supplicant.conf is briefly observer by a third party.
>
> It would be nice if some future version of CAT supported this hashing.
>
> --
> Best regards,
>
> Ondřej Caletka
> CESNET
>
>
> [1]: http://unix.stackexchange.com/a/278948
> [2]: https://gist.github.com/oskar456/f641b946bc87b28b4cb097854fe45e88
>

-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME