cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux
Chronological Thread
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: Ondřej Caletka <Ondrej.Caletka AT cesnet.cz>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux
- Date: Thu, 16 Mar 2017 12:58:26 +0100
Thanks for the hint. We will use it.
Tomasz
W dniu 2017-03-16 o 12:49, Ondřej Caletka pisze:
> Hi,
>
> I just tried using CAT for my Linux system which does not use Network
> Manager. Everything worked all right, except I have been warned that my
> password will be clearly visible in wpa_supplicant.conf.
>
> I would like to point out that it is not necessary, at least not with
> MSCHAPv2. WPA supplicant will happily accept NTLM hash of the password
> specified as password=hash:<NTLM hash>
>
> NTLM hash can be obtained for instance by this shell pipeline[1]:
>
> $ echo -n plaintext_password_here | iconv -t utf16le | openssl md4
>
> or this Python one-liner[2]:
>
> $ python -c 'import getpass,hashlib;
> print(hashlib.new("md4",getpass.getpass().encode("utf-16le")).hexdigest())'
>
> Of course, there's no real security in using hash instead of password
> but at least such hash is much more harder to remember for instance when
> wpa_supplicant.conf is briefly observer by a third party.
>
> It would be nice if some future version of CAT supported this hashing.
>
> --
> Best regards,
>
> Ondřej Caletka
> CESNET
>
>
> [1]: http://unix.stackexchange.com/a/278948
> [2]: https://gist.github.com/oskar456/f641b946bc87b28b4cb097854fe45e88
>
--
Tomasz Wolniewicz
twoln AT umk.pl
http://www.home.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
Attachment:
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
- [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, Ondřej Caletka, 03/16/2017
- Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, Tomasz Wolniewicz, 03/16/2017
- Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, A . L . M . Buxey, 03/16/2017
- Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, Tomasz Wolniewicz, 03/16/2017
- Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, A . L . M . Buxey, 03/16/2017
- Re: [[cat-users]] Hashing user's password in wpa_supplicant config file on Linux, Tomasz Wolniewicz, 03/16/2017
Archive powered by MHonArc 2.6.19.