Linux storing passwords in plain text. Here is the truth of the matter.
Posted: January 1, 2014. At: 10:29 PM
The NetworkManager daemon on Linux does store WIFI passwords in plain text, but you need root access to read the files. Here is a sample WIFI connection file in /etc/NetworkManager/system-connections.
[email protected] /etc/NetworkManager/system-connections $ sudo cat PIZZACATSWIFI [connection] id=PIZZACATSWIFI uuid=f4f0260d-ca5e-4b86-808d-3dce65fa80cf type=802-11-wireless [802-11-wireless] ssid=PIZZACATSWIFI mode=infrastructure mac-address=4C:0F:6E:5D:E1:25 security=802-11-wireless-security [802-11-wireless-security] key-mgmt=wpa-psk auth-alg=open psk=302c64ff12 [ipv4] method=auto [ipv6] method=auto
The passkey is stored in the file in plaintext, but you need to be a computer administrator to be able to read the file. This means that the security of the system is still preserved. If you are on a multi-user system, you can limit the ability of users to abuse the sudo command. There is a way to allow a user to run the command they need and not other commands when using sudo. This is covered here: http://askubuntu.com/questions/155791/how-do-i-sudo-a-command-in-a-script-without-being-asked-for-a-password.
Windows XP stores WiFi passwords unencrypted in registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters.
Windows 6.x stores WiFi passwords in obfuscated XML files under hard disk folder %PROGRAMDATA%\Microsoft\Wlansvc\Profiles\Interfaces.
This web page explains how to recover stored WIFI passwords on Windows: http://securityxploded.com/wifi-password-secrets.php.