How to open a WEP AP correctly?

I'm on the latest snapshot (r26302-4f87a4d84f ) on Generic x86/64. Builded with the firmware selector with this config:

base-files busybox ca-bundle dnsmasq dropbear e2fsprogs firewall4 fstools grub2-bios-setup kmod-amd-xgbe kmod-bnx2 kmod-button-hotplug kmod-dwmac-intel kmod-forcedeth kmod-fs-vfat kmod-igb kmod-igc kmod-ixgbe kmod-nft-offload kmod-tg3 libc libgcc libustream-mbedtls logd luci mkf2fs mtd netifd nftables odhcp6c odhcpd-ipv6only opkg partx-utils procd procd-seccomp procd-ujail uci uclient-fetch urandom-seed urngd nano-full htop wpad-mbedtls kmod-rtw88-8821cu usbutils usb-modeswitch

The reason for this is a rtw8821cu WiFi stick which seems to be supported in snapshot only.

Now I followed this cause I need to open a WEP network: https://openwrt.org/docs/guide-user/network/wifi/encryption#wep_encryption_not_recommended
It seemed to work and even LUCI shows it's configured to WEP but at the same time it is disabled and I see this in the logs:

Tue May 14 08:03:12 2024 daemon.err hostapd: Line 29: unknown configuration item 'wep_key0'
Tue May 14 08:03:12 2024 daemon.err hostapd: Line 30: unknown configuration item 'wep_default_key'
Tue May 14 08:03:12 2024 daemon.err hostapd: 2 errors found in configuration file '<inline>'

This is the whole /etc/config/wireless:
image

So what am I doing wrong?

//EDIT: From looking at hostapd codes it seems the ifdef CONFIG_WEP resolves to false, so it jumps through all the else ifs until it reaches this, which prints exactly the error messages I saw: https://w1.fi/cgit/hostap/tree/hostapd/config_file.c#n5072

This is weird through as openwrt defines that here: https://github.com/openwrt/openwrt/blob/main/package/network/services/hostapd/Makefile#L591

So did I find a bug and if so: Where to report?

WEP is completely insecure and no longer offered by OpenWrt, should you still require it (don't!), you will have to build OpenWrt from source and explicitly enable it.

3 Likes

@slh Wow, that's a bummer.

If I have the option between everyone entering the network cause it is open or using WEP to keep at least noobs away I choose the second one. Which rises the question: Why does OpenWRT still support open networks / how can open be more secure than WEP?

There is no excuse for running WEP (it's even disallowed for modern WLAN standards).

Open network 'may' still be useful for hotspot like scenarios (and it doesn't need those obsolete algorithms/ dependencies).

2 Likes

It won't even keep the noobs away because Aircrack-ng exists. Breaking WEP encryption is literally one of the first tutorials new users can read to learn the tool, and that tutorial was written in 2010! If anything, one could argue having a WEP network makes it even more likely that a noob will test their newfound aircrack-ng skills on it!

WEP is so broken it's basically no better than just running an open wireless network, and it has been that way for more than twenty years now.

In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP[4] that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network.

It is possible to perform the attack with a personal computer, off-the-shelf hardware, and freely available software such as aircrack-ng to crack any WEP key in minutes.

Cam-Winget et al.[15] surveyed a variety of shortcomings in WEP. They wrote "Experiments in the field show that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."

At least with an open network there's no delusion that the wireless network is secure in any way.

4 Likes

WEP reduces maximum radio speed to G or N while open network is permitted in all newer radio standards. WPA3 includes OWE, open to connect still negotiating per-client key and making them unable to snoop on eachother. Or for interop WPA2+AES is still permitted and you can print a QR code for guests even with 15 years old devices.

1 Like