wpa password appears when click on box
Bug #237735 reported by
Todd Reed
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wicd |
Fix Released
|
Medium
|
Adam Blackburn |
Bug Description
First of all I want to report that Wicd works great! The only thing I don't like is the fact that when you click on the box with your already typed in password, it appears instead of the dots. The dots remain if you don't click on the box. For security purposes, I need the wpa password to remain anonymous when I have the dialog box open. Basically so that clients can't open the Wicd box and find out my network password. Please fix this. thanks
toddr
Changed in wicd: | |
assignee: | oreilldf → compwiz18 |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Disclaimer: I'm not a Wicd developer, so don't interpret my remarks as representative of their views...
I don't think I fully understand your situation. How will a client have that sort of access to your laptop? This sounds like a physical security issue much more than a bug in wicd.
That being said, I personally like the way it works now. Obfuscating the key is security by obscurity anyway - it *has* to be somewhere on the system, which means that it can be found. Even if wicd were to encrypt the key and then store that hash in the config file, wicd would also have to know how to reverse the hash to get the key to actually send to the access point, and since the algorithm to reverse the hash is part of wicd, it's a simple matter to get the plaintext key. Long story short, obfuscating the key might make users *feel* like the key is more secure, but it does little to nothing in actually making it more secure. JMHO, of course. :-)