Description of problem: I filed a bug under the redhat-config-network but rejected because it appears to belong here (see issue 20731). Basically our corporate systems person refuses to setup my wireless because as he puts it she puts it she could lose her job. Main reason is that the wep key is a highly guarded code here. If they set up my laptop I can see the key just by opening any of the wireless network configuration utiltities or just running iwconfig as root. Since root access is required for me and others to do our work this is a serious security problem. Therefore, the wep key must be encripted on the system as it is in other os's.
If you're root, you'll always be able to get it.
Not true!! If you do one way encription like the /etc/passwd file it is very secure. Look at: http://www.hack.gr/users/atlantis/unixpasswd.html WEP keys need to be kept even more secure than you do passwords.
You may want to read: http://wepcrack.sourceforge.net/ http://airsnort.shmoo.com/
OK so wep has problems. That's not the point. No security system is perfect only a set of barriers to prevent inadvertant breaches or to slow down attackers. If it takes a day or two of sniffing to hack the wep code that is a barrier. Besides as the wifi security standards improved wouldn't you want have laid the foundation for that to sit on. Instead of throwing up your arms and saying, well there is no point since it has been hacked? I'm noting that redhat is wasting its time having this page on a https site since that can be cracked too. Back to my main point. I'm in a real corporate environment (6000 employees) and clear text key storage is not acceptable by the IT department. I would assume the same for many others.
Assigning to kernel, then. root will easily be able to get a plaintext key without kernel changes.
Please read the documentation about how WEP works. It needs the key in the clear to do encryption in the first place.
No OS keeps WEP keys somehow magically safe. The only stuff that uses smart cards I know doesn't use WEP.