TU Berlin eduroam - How to get Wireless LAN working with wpa_supplicant.conf and hashed password

Question

I was struggling for awhile searching for a good wpa_supplicant.conf to get access to the "eduroam" Wireless LAN network at the TU Berlin.

Since I know for sure, that it is not trivial and that the bash-script actually saves your password in plain text I want to present the solution to this problem in the answer.

So that anyone in the future can follow a real guide to get eduroam working and not the fuzzy solution the tubIT presents you.

---

Update - 21 10 2021: Will work with the "updated" auth process

---

The tubIT solution (namely Configuration Assistant Tool or direct here for the tubIT version) does not work properly (securely) with wpa_supplicant nor is it build to do so.

cat was created with a (the) network manager (GNOME freedesktop NetworkManager) in mind.

Answer 1

The question how to hash your password, so you can store it without running the danger of someone sneaking into your files to grab your TU password.

Since you don't want to be enrolled in some random course.

Jokes aside, to hash your password is a good idea and won't hurt you. To do so just type the following line into your terminal:

echo -n plaintext_password_here | iconv -t utf16le | openssl md4

For Mac this would be

echo -n plaintext_password_here | iconv -t UTF-16LE | openssl md4

This will output a hashed version of your password which we will use in the wpa_supplicant.conf

If you can't copy it from the terminal add | tee ~/hashed_pw at the end to pipe the stdout to the file hashed_pw which lies in your home folder.

---

Now add the following network to your wpa_supplicant.conf

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP TKIP
    eap=PEAP
    anonymous_identity="[email protected]"
    identity="[email protected]"
    phase2="auth=MSCHAPV2"
    password=hash:YOUR_HASHED_PASSWORD
}

The hashed password needs to be there plain without ""!

If I missed something or if there is any way to improve this guide, please comment or edit!

---

As a finishing touch an example:

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    pairwise=CCMP
    group=CCMP TKIP
    eap=PEAP
    anonymous_identity="[email protected]"
    identity="[email protected]"
    phase2="auth=MSCHAPV2"
    password=hash:00000000000000000000000000000000
}

---

Checked on 21 10 2021. Could change due to Cert changes in the future again