2

I recently changed the password of my Wi-Fi and updated the file in the /boot folder of the OctoPrint OS running on my Raspberry Pi.

Yet, it is now in plain text and I would like to avoid storing it that way.

What can I do to make the file more secure?

The automatic configuration from the Raspberry Pi Imager had generated an encrypted version of the password. But I'm not going to flash everything again, so that's not an option.

Thanks.

Myoch

2 Answers

1

There is no way to store it that's "more secure". In order to connect to the network, a device needs the password. The configuration tool you used likely just stored an encoded (which means roughly the opposite of encrypted, despite many people not understanding the difference) form of the password. To store it encrypted would require also storing a decryption key to decrypt and use it, but then whoever reads the SD card could just read the key too.

There is nothing special about a Raspberry Pi in this. Your PCs, phones, etc. all store wifi passwords in a form that can be read back, and that is read back every time they use them to connect to a network. If they don't make it easy for you the human user to read back the password, that's simply a user interface choice they've made to give you a false sense of safety, not any actual security boundary.

  • Thanks. I would just say that encoded and encrypted are two different things, not opposite, since they don't belong to the same "world". Anyways, would you say that "encoding" it in the way it was before is not any safer than having it in a human-readable way? At least a thief would have to know how it was encoded... – Myoch Mar 12 '22 at 22:18
  • @Myoch: "Encoded" means stored with a particular convention for how the data is represented and to be interpreted. For example, UTF-8 is an *encoding* of Unicode text not to obscure it but to ensure that senders and recipients agree on a convention for how to communicate. In the case of encoding of the password, I'm pretty sure that reading the docs for `wpa_supplicant` will tell you how it's encoded; if not the docs, surely reading the source code would. So it's unrealistic to expect someone not to be able to find out how to interpret it. – R.. GitHub STOP HELPING ICE Mar 13 '22 at 14:21
  • Then clearly, it was not just simply encoded in any standard way. Too bad I did not copy it before changing it. – Myoch Mar 13 '22 at 19:59
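
The thread above turns on what a non-plaintext `psk=` value in a `wpa_supplicant` configuration is. As an added example (not part of the original question or answers), this Python sketch applies the standard WPA/WPA2-Personal key derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) to show that a quoted passphrase and a 64-hex-digit key for the same SSID resolve to the same credential. The network blocks are constructed samples built from the IEEE 802.11i test values, and that the imager wrote the hex form is an assumption.

```python
import hashlib
import re


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def effective_psk(network_block):
    """Return (stored_form, psk_hex) for one wpa_supplicant network block."""
    ssid = re.search(r'^\s*ssid="(.*)"\s*$', network_block, re.M)
    psk = re.search(r'^\s*psk=(.+?)\s*$', network_block, re.M)
    if not ssid or not psk:
        raise ValueError("block needs both ssid= and psk=")
    value = psk.group(1)
    if value.startswith('"') and value.endswith('"'):
        # Quoted value: human-readable passphrase, derived at connect time.
        return "passphrase", derive_psk(value[1:-1], ssid.group(1))
    if re.fullmatch(r"[0-9a-fA-F]{64}", value):
        # Unquoted 64 hex digits: the already-derived 256-bit key.
        return "derived-key", value.lower()
    raise ValueError("unrecognised psk value")


# Constructed sample blocks (IEEE 802.11i test SSID and passphrase).
PLAIN_BLOCK = '''network={
    ssid="IEEE"
    psk="password"
}'''

DERIVED_BLOCK = '''network={
    ssid="IEEE"
    psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
}'''

if __name__ == "__main__":
    for block in (PLAIN_BLOCK, DERIVED_BLOCK):
        form, key = effective_psk(block)
        print(f"{form:12s} -> {key}")
```

The hex form keeps the human-readable passphrase off the card, which matters if that passphrase is reused elsewhere, but the stored key is still sufficient on its own to join that SSID, so the file needs the same protection either way.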
0

An alternative idea to avoid saving your password in plain text on the SD card of the Raspberry Pi is not to use WiFi and use an ethernet cable instead.

Bob Ortiz