Linux storing passwords in plain text. Here is the truth of the matter.

Posted: January 1, 2014. At: 10:29 PM. This was 3 years ago. Post ID: 6816


The NetworkManager daemon on Linux does store WIFI passwords in plain text, but you need root access to read the files. Here is a sample WIFI connection file in /etc/NetworkManager/system-connections.

[email protected] /etc/NetworkManager/system-connections $ sudo cat PIZZACATSWIFI
[connection]
id=PIZZACATSWIFI
uuid=f4f0260d-ca5e-4b86-808d-3dce65fa80cf
type=802-11-wireless

[802-11-wireless]
ssid=PIZZACATSWIFI
mode=infrastructure
mac-address=4C:0F:6E:5D:E1:25
security=802-11-wireless-security

[802-11-wireless-security]
key-mgmt=wpa-psk
auth-alg=open
psk=302c64ff12

[ipv4]
method=auto

[ipv6]
method=auto

The passkey is stored in the file in plaintext, but you need to be a computer administrator to be able to read the file. This means that the security of the system is still preserved. If you are on a multi-user system, you can limit the ability of users to abuse the sudo command. There is a way to allow a user to run the command they need and not other commands when using sudo. This is covered here: http://askubuntu.com/questions/155791/how-do-i-sudo-a-command-in-a-script-without-being-asked-for-a-password.

Windows XP stores WiFi passwords unencrypted in registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters.

Windows 6.x stores WiFi passwords in obfuscated XML files under hard disk folder %PROGRAMDATA%\Microsoft\Wlansvc\Profiles\Interfaces.

This web page explains how to recover stored WIFI passwords on Windows: http://securityxploded.com/wifi-password-secrets.php.



What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *