Strength check for the openwrt router password but not for the WPA key

This is somewhat related to my other post... but still far enough to open a own topic about it.

When adding or changing the router password in openwrt it has automatic check for strength which looks like a very useful thing to do.


On the other hand when configuring a WPA1/2/3 with key there is no indications about the strength of the key :point_down:


For that example a average user might think that this setup features "strong security" (like indicated in the Encryption field) even tough this key can be cracked from a recorded handshake in less than 100 seconds.

I did already the same with "only" WPA encryption but it was actually no weakness by the obsolete RC4 cipher that WPA and WEP uses that the script abused but just the triviality of the key. :unlock:

The "security" in that case does not solely rely on the strength (or weakness) of the key as I read but as the SSID is actually part of the "Password-based Key Derivation Function 2" it would be harder to crack if the SSID was hidden (and complex, probably best with emojis like @shdf pointed out here :wink: ).

So why wouldn't openwrt want to "warn" a user about a weak key? Specially as this is the first "wall" before a weak router password (for that openwrt warns already today) could be even exploited :thinking: