From: Marcel Holtmann <marcel at holtmann.org>
To: iwd at lists.01.org
Subject: Re: [RFC 0/2] Encrypt secrets using systemd provided key
Date: Fri, 21 Jan 2022 21:35:44 +0100 [thread overview]
Message-ID: <027D9B88-6844-452F-86CE-6FB5328342E3@holtmann.org> (raw)
In-Reply-To: 6c282c5ba41e220c4cd862ee920b7164618e4390.camel@gmail.com
[-- Attachment #1: Type: text/plain, Size: 4155 bytes --]
Hi James,
>>> There has been interest in enabling IWD users to store their
>>> network
>>> credentials in some encrypted form. Recently systemd added support
>>> for
>>> passing secrets/credentials to services only accessible by the
>>> service
>>> they are intended. This provides a clean way of obtaining a secret
>>> key
>>> which IWD can use to encrypt anything it writes to the FS. In
>>> addition
>>> there is no hard dependency on systemd since the credential is
>>> provided
>>> as a file (i.e. no Dbus API or linked library etc).
>>>
>>> At the moment setting up the IWD service to use this feature will
>>> be
>>> left up to the user. But setting this up is very straight forward.
>>> I
>>> used docs for systemd-creds (Example 2):
>>>
>>> https://www.freedesktop.org/software/systemd/man/systemd-creds.html
>>>
>>> The only difference is the --name argument should be iwd-secret.
>>>
>>> Note: systemd version 250 is required.
>>>
>>> The reason this is being sent as an RFC is because of some open
>>> questions
>>> I had and wanted feedback on:
>>>
>>> 1. What options specifically do we want encrypted? These patches
>>> only
>>> address Passphrase and PreSharedKey but really any option could
>>> be
>>> encrypted. Obviously we would also want 802.1x secrets, but are
>>> there
>>> other non-obvious options with privacy concerns?
>>
>> we only need to encrypt things that are provided by the user. If we
>> wouldn’t ask the user for it, then it is not worth while protecting.
>
> Ok, another option would be encrypting the entire [Security] group and
> assume anything here should be secure. This would actually make things
> quite a bit cleaner, and may be the only solution with how we do the
> 802.1x profiles since they are recursive.
any setting that gets asked by the user via the agent is worth protecting, the rest is not worth it.
As pointed out in the other review, you need to also have some sort of random nounce stored in plaintext. So besides the PassphraseEncrypted, you also need PassphraseSalt or similar. And then your salt value + SSID for example will be used as IV/Nounce into the crypto.
>>> 2. What is the stance on existing provisioning files? Currently
>>> these
>>> changes overwrite any existing files with the new *Encrypted
>>> options
>>> automatically. Is this desirable? or should user have to opt-in
>>> their
>>> existing provisioning files.
>>
>> The problem arises that you no longer can move from one machine to
>> the next without re-entering your secrets. So I guess this only
>> desirable if the master key is part of your users keyring. If you
>> have 200 PSKs entered and you set up a new machine, you now end up
>> having to re-enter these as you go visiting new networks.
>
> How would this work though? The user would have to either manually
> encrypt the settings/group or have some way to tell IWD to do it?
>
> I think the act of enabling the main.conf option would be enough, and
> we could emphasise this in the docs. Yes this means you cannot go back
> but if you really had 200 profiles you absolutely could not lose you
> probably should have those saved somewhere else, offline.
>
> Also, really the only security benefit (above what we do now) is when
> using a TPM meaning you couldn't move the profiles between machines
> regardless.
So this is pretty neat for embedded devices. Let say you have a weight scale with WiFi. This way you can ensure with a single system key that all your credentials are protected. If you throw the device away or brick it, it ensures that nobody can easily read it out by just mounting the disk/flash.
For a desktop system it is ok, if you have a capable admin/user that knows what they are doing. If you don’t they are going to scream at your if they move to a new system and all their WiFi is gone. If a MacBook or iPhone upgrade of mine would loose me all my PSKs, I would be rather mad at somebody.
This is for paranoid people and really only helps if you use a TPM. That all said, it is nice feature.
Regards
Marcel
next reply other threads:[~2022-01-21 20:35 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-21 20:35 Marcel Holtmann [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-01-21 23:46 [RFC 0/2] Encrypt secrets using systemd provided key Diederik de Haas
2022-01-21 22:42 Diederik de Haas
2022-01-21 22:36 Marcel Holtmann
2022-01-21 22:30 James Prestwood
2022-01-21 22:22 Diederik de Haas
2022-01-21 20:54 Marcel Holtmann
2022-01-21 20:49 James Prestwood
2022-01-21 20:19 James Prestwood
2022-01-21 15:20 Marcel Holtmann
2022-01-21 0:41 James Prestwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=027D9B88-6844-452F-86CE-6FB5328342E3@holtmann.org \
--to=unknown@example.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.