07-13-2019, 11:10 PM
(This post was last modified: 07-13-2019, 11:31 PM by Tim Curtis.
Edit Reason: etc
)
Just a brief update :-)
The wpa_passphrase utility generates a WPA Pre-shared Key (PSK) from the SSID + plaintext password. This is then used to authenticate to the WiFi SSID or to AP mode. The PSK is still visible in wpa_supplicant.conf and hostapd.conf but its difficult to crack.
moOde also maintains the plaintext WiFi and AP mode passwords in its SQL database to eliminate the need to reenter them when saving the Network Config screen. These passwords have been obscured in moOde 6 code base but not by using a crypto method. This is because the type of crypto that would be used for this is "symmetric encryption" which would require the crypto keys to be embedded in the source code and thus visible.
This vulnerability can be eliminated by not storing the obscured passwords in the SQL database but it would result in having to reenter the WiFi and Host AP mode passwords each time the Network Config screen was saved.
It's security vs convenience.
Feedback appreciated.
-Tim
The wpa_passphrase utility generates a WPA Pre-shared Key (PSK) from the SSID + plaintext password. This is then used to authenticate to the WiFi SSID or to AP mode. The PSK is still visible in wpa_supplicant.conf and hostapd.conf but its difficult to crack.
moOde also maintains the plaintext WiFi and AP mode passwords in its SQL database to eliminate the need to reenter them when saving the Network Config screen. These passwords have been obscured in moOde 6 code base but not by using a crypto method. This is because the type of crypto that would be used for this is "symmetric encryption" which would require the crypto keys to be embedded in the source code and thus visible.
This vulnerability can be eliminated by not storing the obscured passwords in the SQL database but it would result in having to reenter the WiFi and Host AP mode passwords each time the Network Config screen was saved.
It's security vs convenience.
Feedback appreciated.
-Tim
