Welcome to the Linux Foundation Forum!

Wi-Fi credentials security

0pen
0pen Posts: 3
edited December 2014 in Networking

If a Linux platform has no root password e.g. RaspberryPI, how secure is it to enter the Wi-Fi credentials as plain text into the 'interfaces' file?

Comments

  • saqman2060
    saqman2060 Posts: 777
    So that I am clear on what you are asking. Your system does not ask for a password when accessing the root account, it just gives you access?

    That is not secure at all.There should always be a password prompt when accessing the root profile. Try to set one up if possible.

    Passwords, or any type of security credentials transmitted in plain text will never be secured. The characters are not encrypted and can be easily stolen by a network sniffer. Always use strong wi-fi encryption.
  • 0pen
    0pen Posts: 3
    That's right, I just type root with no password to SSH in. I believe this is default for most embedded Linux platforms.

    How easy would it be for someone to gain access to the interfaces file and view the password?

    Thanks.
  • saqman2060
    saqman2060 Posts: 777
    I don't know about "default" for most embedded linux systems. Nothing that is a potential security risk is enabled by default.

    Not that easy.
  • mfillpot
    mfillpot Posts: 2,177
    Many embedded plaforms have no root password by default, which is to allow the administrator to easily enter the system on the first boot and change the password to a new password of their choosing. Failure to change the password can and most likely will result in many security issues including extracting the passwd file, installing malicious software, modifying configurations, etc...

    In my opinion, anyone who does not change the default or null passwords immediately is not a good administrator and probably should not have access to those resources in the first place.
  • saqman2060
    saqman2060 Posts: 777
    mfillpot wrote:
    Many embedded plaforms have no root password by default, which is to allow the administrator to easily enter the system on the first boot and change the password to a new password of their choosing. Failure to change the password can and most likely will result in many security issues including extracting the passwd file, installing malicious software, modifying configurations, etc...

    In my opinion, anyone who does not change the default or null passwords immediately is not a good administrator and probably should not have access to those resources in the first place.

    I have never heard or noticed such a setting. On the devices I have used with embedded linux, I was never able to gain root access to my device. One of those devices was an HTC EVO (android). Looks like I have learned something new.
  • 0pen
    0pen Posts: 3
    mfillpot wrote:
    Many embedded plaforms have no root password by default, which is to allow the administrator to easily enter the system on the first boot and change the password to a new password of their choosing. Failure to change the password can and most likely will result in many security issues including extracting the passwd file, installing malicious software, modifying configurations, etc...

    In my opinion, anyone who does not change the default or null passwords immediately is not a good administrator and probably should not have access to those resources in the first place.

    I'm new to embedded Linux.

    How do I remove a null password or create a new password in the shell?

    Thanks.
  • alpharitto
    alpharitto Posts: 0

    @0pen said:
    If a Linux platform has no root password e.g. RaspberryPI, how secure is it to enter the Wi-Fi credentials as plain text into the 'interfaces' file?

    Passwords, or any type of security credentials transmitted in plain text will never be secured. The characters are not encrypted and can be easily stolen by a network sniffer. Always use strong wi-fi encryption.

Categories

Upcoming Training