Why is everybody using "wpa_passphrase" instead of "psk" in wpa_supplicant.conf is beyond me. You have an option to avoid plaintext passwords, the wpa_passphrase CLI tool even generates an entry for suppliant configuration, yet it seems nobody is using it.

Maybe if someone already has too much access to your machine to read the wpa_supplicant config, it's too late to worry about your wifi password?

@iiii that would be a case of direct attack. But there are plenty of other scenarios, in which you can have the files stored remotely as backups, you did a `cat` on the file while logging output of the terminal and the passwords reamins in clear in the logfile, etc...
Feels like almost nobody asks "does it have to be stored in the plaintext" and everybody setttles for "config requires elevated access so good enough, it works anyway and i don't care."

@qwwerty is right.

I use a radius server.

@qwwerty to access your wifi with the somehow leaked password someone has to be in a very close proximity to your hardware. Even randomly leaking it online is not really a threat as well, unless you're using the same password for wifi and something else. But that's a whole other story.

@iiii You can lean on a wall hacking away on your phone for hours on end without anyone caring in most cities.

@Lor-inc eh?

@iiii If you know someone's address and wifi and have reason to believe that it's worth the effort you can just walk up to the house, join the WiFi from the street and place your backdoors.

@Lor-inc well, it all relies on a big "if"