[BETA] More secure WiFi configuration

[jscheidtmann]

PR for working on #179.

• If SSID ends with contains CHANGEME, change the SSID to "PiFinder-XYZAB", where XYZAB is a random string drawn from the character set 0-9a-zA-Z. also restart hostapd if in AP mode.
• If SSID was changed and no password is present, add WPA2 encryption to hostapd.conf, generate a 20 character random password (in that case also restart hostapd)
• If SSID contains ENCRYPTME, add wpa2 encryption and generate a 20 character password (in that case restart hostapd if in AP mode.
• Add entry "WiFi password" to menu system (near WiFi mode) to display the password in clear text on the PiFinder display, (if one is present in hostapd.conf).
• Add entry "Connect WiFi" in Start menu.
• Display a WiFi QR code, that when scanned defines the connection in the scanning device.
• Support unencrypted WiFi QR codes / Show the client SSID, if in client mode.
• Add help display
• context menu
• Update user manual
• Add a country selection entry box to AP web configuration
• In the build guide, describe how to setup wifi
• Also describe in the build guide, that one should use Ethernet to define local WiFi using the webserver (so that their passwords do not get transferred unencrypted over the air).
• In the network configuration dialog in the webserver, support switching on encryption.

[brickbots]

Hi @jscheidtmann Thank you for working on this! I think the overall plan is well thought out, but the final TODO about suggesting ethernet is not going to work as most PiFinders don't have the ethernet port exposed and many people don't have the cabling anyway.

It's very true that ethernet would ultimately be more secure, but I don't think setting up wifi over a non-encrypted HTTP connection is much of a concern as it's not traversing the internet. To be intercepted, someone would need to be local to the person and sniffing traffic on the wifi network generated by the PiFinder. While such an attack is possible, being in the right place at the right time to pull this off would be exceedingly difficult and the payoff would be pretty minor.

[brickbots]

A really interesting option here would be to display a QR code with the PiFinder WiFi SSID/Password on the screen. Correctly typing a 20 char random password might be frustrating on a phone or tablet during initial set up.

Here's an example using a QR code generator:
https://sachinjose31.medium.com/wi-fi-qr-code-generator-in-python-fdd84427be6e

[mrosseel]

hi @jscheidtmann I'm having doubts on the general approach here.

• I like the random hostname
• the random 20 character password could be a support nightmare, if the UI fails to start there's no way to ssh into the pifinder and troubleshoot. Reading a 20 char password from the small screen will also go more wrong than right. QR code could be a solution here, but we still have the no ui trouble.
• when accessing via the web interface you need the password (each time) but you can't navigate to that screen without the password

maybe @brickbots has some input here as well
Edit: haha brickbots already replied minutes before me

[jscheidtmann]

First note: The code only triggers, when "CHANGEME" is present in the SSID. We could make it triggering on "PiFinder-default-CHANGEME" only or some such.

Brickbots wrote:

Hi @jscheidtmann Thank you for working on this! I think the overall plan is well thought out, but the final TODO about suggesting ethernet is not going to work as most PiFinders don't have the ethernet port exposed and many people don't have the cabling anyway.

I know, I was suggesting to use ethernet during the build process to define e.g. client WiFi entries and avoid entering home wifi password over an twice unencrypted link (open wifi & http).

It's very true that ethernet would ultimately be more secure, but I don't think setting up wifi over a non-encrypted HTTP connection is much of a concern as it's not traversing the internet. To be intercepted, someone would need to be local to the person and sniffing traffic on the wifi network generated by the PiFinder. While such an attack is possible, being in the right place at the right time to pull this off would be exceedingly difficult and the payoff would be pretty minor.

The http and not httpS is not a problem, as long as the WiFi itself is encrypted, which by default it is not. I am more concerned about entering the home WiFi password over an entirely unencrypted link. As we are addressing a pretty nerdy group of DIYs, that means they are usually also quite security concious, and this is especially so in Germany.

I usually have no problem to use the Pi unencrypted, although people could make fun of you on a star party (I know some of those guys, who would).

MRossel worte:

hi @jscheidtmann I'm having doubts on the general approach here.

• I like the random hostname

Good. That's in especially for star parties.

• when accessing via the web interface you need the password (each time) but you can't navigate to that screen without the password

No, this long string is the WiFi password, which will be stored by your phone / tablet. The password that needs to be entered in the web is pifinder's (the unix user). This behavior is not changed.

• the random 20 character password could be a support nightmare, if the UI fails to start there's no way to ssh into the pifinder and troubleshoot. Reading a 20 char password from the small screen will also go more wrong than right. QR code could be a solution here, but we still have the no ui trouble.

• I believe using a 12 random char password would be enough (that's what Microsoft recommends as a minimum).
• Yes, you have a point there when the UI is not coming up. This means having to ssh into the PiFinder. I do not have an immediate solution to this.

[jscheidtmann]

This is an example password display:

[jscheidtmann]

Display of WiFI QR Code:

[jscheidtmann]

Regarding the UI not coming up:
We could implement a watchdog, that looks at the status of the PiFinder service every 10 seconds or so. If the status is "failed" not started or some such, it runs a script, which then displays the WiFi QR code on the display.

[jscheidtmann]

Tested the functionality of this on a real PiFinder:

• Open network displays QR code and "<No password defined>". QR Code works.
• encrypted network display QR code and the password, QR code works.
• Client mode shows name of connected WiFi.
• adding CHANGEME to AP name created a random AP name (This is default in pi_config_files/hostapd.conf)
• adding ENCRYPTME to AP name adds encryption on start of service.
• you can add CHANGEME and ENCRYPTME at the same time
• network dialog displays error messages if password is too short.
• network dialog can be used to enable encryption.
• Test password of AP can be changed (when already working in encryption)
• When connected to open AP, add enryption via web interface.

[jscheidtmann]

This PR closes #179

[jscheidtmann]

Note: It might be the case, that you can see a "PiFinder-CHANGEME(-ENCRYPTME)" in the WiFis of your phone or tablet.

[jscheidtmann]

Functionality tested successfully. Please review