Wireless Network Key
Mark Haney
mhaney at ercbroadband.org
Wed Aug 6 15:43:02 UTC 2008
Leo Cacciari wrote:
>
> Of course, but if someone stoles the hard disk, then changing the
> wireless key (if they haven't stolen the AP too) seems standard
> procedure, like if someone stoles your key-ring with your home key,
> you'll change the lock, wouldn't you?
>
> The true problem is if someone gets access to the account. If it only
> get access to the user account, he/she would be able to read the key
> contained in the shell script, thus leading to the security problem you
> pointed out with your tip, but he/she would not be able to
> read /etc/network/interfaces and the file where n-m stores the keys is
> encrypted, thus accessing it without the user master key is useless.
>
> If the intruder gains root access, then the password stored
> in /etc/network/interface is obviously accessible, but the one stored in
> the n-m file would still not be, unless he has access to the user master
> key.
Sure those keys are encrypted, and exactly how long do you think it
would take to crack that encrypted file? Not long. The point is, if
the system is compromised with that user account, it being Ubuntu, they
can SUDO into root and get the keys. That's my point. It doesn't
matter in this case. Access to a regular user account in Ubuntu gets
you root access much easier than if it's say Gentoo, or Fedora where
sudo isn't always configured for a particular user.
So, your point about the keys being safer in n-m is just as useless as
mine is from that perspective.
--
Libenter homines id quod volunt credunt -- Caius Julius Caesar
Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415
Call (866) ERC-7110 for after hours support
More information about the ubuntu-users
mailing list