Tue May 14 08:03:12 2024 daemon.err hostapd: Line 29: unknown configuration item 'wep_key0'
Tue May 14 08:03:12 2024 daemon.err hostapd: Line 30: unknown configuration item 'wep_default_key'
Tue May 14 08:03:12 2024 daemon.err hostapd: 2 errors found in configuration file '<inline>'
This is the whole /etc/config/wireless:
So what am I doing wrong?
//EDIT: From looking at the hostapd code, it seems the ifdef CONFIG_WEP resolves to false, so it jumps through all the else ifs until it reaches this, which prints exactly the error messages I saw: https://w1.fi/cgit/hostap/tree/hostapd/config_file.c#n5072
WEP is completely insecure and no longer offered by OpenWrt. Should you still require it (don't!), you will have to build OpenWrt from source and explicitly enable it.
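A pre-flight check for the situation described above, as an added example that is not part of the original thread or of OpenWrt: it parses UCI wireless configuration text and classifies each `wifi-iface` by its `encryption` option, so WEP interfaces (the ones that end up as the `wep_key0` / `wep_default_key` items hostapd rejects in the log) are spotted before the radio is brought up. The sample configuration and the function names are constructed for illustration, and a missing `encryption` option is assumed to mean an open network.

```python
import shlex

# Constructed sample in /etc/config/wireless (UCI) syntax; not the poster's file.
SAMPLE = """
config wifi-iface 'legacy'
    option ssid 'handheld'
    option encryption 'wep'
    option key1 's:abcde'

config wifi-iface 'guest'
    option ssid 'guest'
    option encryption 'owe'

config wifi-iface 'home'
    option ssid 'home'
    option encryption 'psk2+ccmp'

config wifi-iface
    option ssid 'lobby'
"""

def parse_uci(text):
    """Return [(section_type, section_name, options)] from UCI text."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # handles quoting and '#' comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], tok[2] if len(tok) > 2 else None, {}))
        elif tok[:1] == ["option"] and len(tok) == 3 and sections:
            sections[-1][2][tok[1]] = tok[2]
    return sections

def classify(encryption):
    enc = (encryption or "none").lower()  # assumption: no option means open
    if enc.startswith("wep"):
        return "wep"   # becomes wep_key0/wep_default_key; rejected without CONFIG_WEP
    if enc in ("none", "owe"):
        return "open" if enc == "none" else "owe"
    return "wpa"       # psk*, sae*, wpa* families

def audit(text):
    """Map each wifi-iface (by section name, else SSID) to its class."""
    return {name or opts.get("ssid", "?"): classify(opts.get("encryption"))
            for stype, name, opts in parse_uci(text) if stype == "wifi-iface"}

if __name__ == "__main__":
    for iface, kind in audit(SAMPLE).items():
        print(f"{iface}: {kind}")
```
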
If I have the option between everyone entering the network because it is open or using WEP to keep at least noobs away, I choose the second one. Which raises the question: Why does OpenWrt still support open networks / how can open be more secure than WEP?
It won't even keep the noobs away because Aircrack-ng exists. Breaking WEP encryption is literally one of the first tutorials new users can read to learn the tool, and that tutorial was written in 2010! If anything, one could argue having a WEP network makes it even more likely that a noob will test their newfound aircrack-ng skills on it!
WEP is so broken it's basically no better than just running an open wireless network, and it has been that way for more than twenty years now.
In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP[4] that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network.
It is possible to perform the attack with a personal computer, off-the-shelf hardware, and freely available software such as aircrack-ng to crack any WEP key in minutes.
Cam-Winget et al.[15] surveyed a variety of shortcomings in WEP. They wrote "Experiments in the field show that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target."
At least with an open network there's no delusion that the wireless network is secure in any way.
WEP reduces the maximum radio speed to G or N, while an open network is permitted in all newer radio standards. WPA3 includes OWE, which is open to connect while still negotiating a per-client key and making clients unable to snoop on each other. Or, for interop, WPA2+AES is still permitted and you can print a QR code for guests even with 15-year-old devices.
@brada4 So how exactly do I get my Nintendo 2DS XL in DS compatibility mode to connect to that WPA2+AES network? Nintendo says not possible but this device got released in 2017, so just 7 years ago, restricting your statement that I can do this with 15-year-old devices.
3DS is also b/g only, so I don't care about higher standards. All I want is having a dedicated network for that 3DS which is not open.
Anyway, I installed Arch Linux in a VM and am using that now for a WEP-compatible hostapd. Sad that people like me have to switch to general-purpose distributions now, as the "open" router distribution restricts users' choices.
//EDIT: See, I really don't want to sound mean. I know how badly broken WEP is. The way I see this is that a network that I spawn on demand only, that has the SSID hidden and a MAC filter active, and that is WEP encrypted is still better than just a plain open network. In my eyes this configuration might not stop experts like you from entering the network, but it might at least stop the neighbor kid from entering it when dad cut the WiFi / forbade going online.