Secure Wi-Fi Password Storage on an Embedded Device (NetworkManager 1.46)
Till Maas
till at redhat.com
Wed Mar 26 07:00:00 UTC 2025
Am Di., 18. März 2025 um 16:50 Uhr schrieb Juan A. Rubio <
jarubio2001 at gmail.com>:
>
> In the short term, I'll add some obfuscation to improve security. In
> the near future we'll follow up with a more secure solution using the
> available security hardware.
>
If you care about this, you should get this tested by security experts who
have a full understanding about the passwords and use cases. Obfuscation
does not improve security. Also, if you believe you can properly secure the
passwords with the security hardware in the future (hard to tell without
knowing the full system), then you should also plan to change the passwords
once you protect them better. Keep in mind that if users can change the
code on the SD card, they can also change it so that it will tell them the
actual wifi password. In general, it seems most useful to be able to have
per-device credentials in this case (for example using 802.1x) and a
working mechanism to change/block compromised credentials.
Cheers
Till
--
Till Maas (He/His/Him/They/Them)
Manager, Software Engineering
Network Management Team - NetworkManager, Nmstate, Ansible RHEL Networking
System Role
My mission is to *inspire*, *challenge*, *support* and *care* to *lead* to
*excellence* and *brilliance*.
Red Hat GmbH, https://www.redhat.com/de/global/dach, Registered seat:
Werner von Siemens Ring 12, 85630 Grasbrunn, Germany
Commercial register: Amtsgericht Muenchen/Munich, HRB 153243,
Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/networkmanager/attachments/20250326/7c75c8ae/attachment.htm>
More information about the Networkmanager
mailing list