Secure Wi-Fi Password Storage on an Embedded Device (NetworkManager 1.46)
Íñigo Huguet
ihuguet at redhat.com
Tue Mar 18 11:04:26 UTC 2025
On Tue, Mar 18, 2025 at 11:50 AM Andrei Borzenkov <arvidjaar at gmail.com> wrote:
> > Could anyone point me to threads regarding more secure approaches to storing Wi-Fi credentials or suggest recommended solutions—whether built-in features or external plugins—for encrypting, salting, or otherwise obscuring Wi-Fi passwords in NetworkManager on embedded devices? Any details or best practices would be greatly appreciated.
>
> I am not sure what you expect. If you want WiFi to come up unattended,
> you need to store the passphrase. It does not matter how you encrypt
> it - as long as it has to be decrypted automatically, it will be
> available offline because everything needed to decrypt it must be
> present too.
Exactly.
Juan, I don't think the magic solution that you are looking for
exists, for the reason that Andrei has explained.
Back in my days as embedded developer, some microcontrollers were
starting to include cryptography features. Check your hardware's
documentation to see if it allows to store cryptographic keys in
hardware.
>
> If your device has TPM or similar, one could use it to encrypt the
> passphrase. This will protect against offline attacks, but probably
> not against an attacker physically present.
>
> > Thank you in advance!
> >
> > Best regards,
> > Juan
> >
> >
>
--
Íñigo Huguet
More information about the Networkmanager
mailing list