[FS#415] WEP is not shown as bad to use in the LUCI user interface.
LEDE Bugs
lede-bugs at lists.infradead.org
Fri Jan 20 20:54:05 PST 2017
A new Flyspray task has been opened. Details are below.
User who did this - Jim Gettys (jgettys)
Attached to Project - LEDE Project
Summary - WEP is not shown as bad to use in the LUCI user interface.
Task Type - Feature Request
Category - Packages
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - High
Priority - Very Low
Reported Version - All
Due in Version - Undecided
Due Date - Undecided
Details - WEP encryption was totally, absolutely broken in the early 2000's with commonly available tools (e.g. aircrack-ng) for bad guys to crack networks with for a decade.
Yet the LUCI UI does not warn against choosing WEP.
If WEP is presented in the UI as an encryption option (which is probably necessary so that you don't have to do everything at once to convert a network to something less incredibly insecure when installing), the user should be warned (maybe in RED; but some are red/green color blind). Probably best is to provide a link to a web page explaining just how insecure WEP is, and that they should convert encryption protocols and choose a new wireless password as soon as possible.
Lest you think this isn't a problem, I found my brother was using WEP this evening, just because he didn't know any better and had run his network that way for a decade or more. For pragmatic grounds, (he can't afford to reconfigure everything in his network this instant), he needs to delay this change until after initial installation.
Let's gently guide people toward better, more secure behavior.
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=415
More information about the lede-bugs
mailing list