Linux storing passwords in plain text. Here is the truth of the matter.

The NetworkManager daemon on Linux does store WIFI passwords in plain text, but you need root access to read the files. Here is a sample WIFI connection file in /etc/NetworkManager/system-connections.

homer@deusexmachina /etc/NetworkManager/system-connections $ sudo cat PIZZACATSWIFI
[connection]
id=PIZZACATSWIFI
uuid=f4f0260d-ca5e-4b86-808d-3dce65fa80cf
type=802-11-wireless

[802-11-wireless]
ssid=PIZZACATSWIFI
mode=infrastructure
mac-address=4C:0F:6E:5D:E1:25
security=802-11-wireless-security

[802-11-wireless-security]
key-mgmt=wpa-psk
auth-alg=open
psk=302c64ff12

[ipv4]
method=auto

[ipv6]
method=auto

The passkey is stored in the file in plaintext, but you need to be a computer administrator to be able to read the file. This means that the security of the system is still preserved. If you are on a multi-user system, you can limit the ability of users to abuse the sudo command. There is a way to allow a user to run the command they need and not other commands when using sudo. This is covered here: http://askubuntu.com/questions/155791/how-do-i-sudo-a-command-in-a-script-without-being-asked-for-a-password.

Windows XP stores WiFi passwords unencrypted in registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters.

Windows 6.x stores WiFi passwords in obfuscated XML files under hard disk folder %PROGRAMDATA%\Microsoft\Wlansvc\Profiles\Interfaces.

This web page explains how to recover stored WIFI passwords on Windows: http://securityxploded.com/wifi-password-secrets.php.

Post a Comment

Your email is kept private. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *