On 06/07/21 16:26, Henrique de Moraes Holschuh wrote:
However, it is *not* a simple matter to just "enable wireless" at first
boot in OpenWrt (due to a "default password" issue), except maybe in a
home-and-enthusiast setting. You cannot just do it for a device (or
firmware) you're going to deliver to third parties: it is *unsafe*, and
extremely strongly discouraged.
So, to safely and responsibly enable wireless by default in a device (or
firmware) you're delivering to a third-party, you need that "per-unit
unique wireless password" per device thing most vendors are doing.
Every. Single. Discussion degenerates into a "how could we make it safe"
party where wilder and wilder ideas are thrown around until everyone leaves.
"unique" per-device passwords like most vendors are doing are low
security and relatively easy to brute force once someone has
disassembled the firmware and learned the algorithm used to generate
them. They rely on obscurity for most of their security, which is not
really a thing for an open source project.
They are also completely useless for DYI users that are just flashing a
couple devices.
With much less effort you can just ship a pre-made wifi config file with
your own settings and passwords, and that's what many are already doing.
-Alberto
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel