> We have been assessing our existing processes (for OpenWrt, and especially the OpenWrt One) against NIST IR 8425A, and are now accelerating those efforts to ensure we can show that routers using OpenWrt are indeed safe and secure, as determined by independent bodies.
It would be awesome to have somebody show that OpenWrt-based routers are safe and secure. I looked into this problem about 10 years ago and my conclusion was that stock OpenWrt was really questionable. Like, there is no auto-update story, but at the same time it is a giant (relative to what it should be, IMO) Linux distro full of vulnerability-laden components. This space is in dire need of a minimal security-first-from-the-ground-up alternative with a real trustworthy update story.
yjftsjthsd-h•1h ago
> Like, there is no auto-update story, but at the same time it is a giant (relative to what it should be, IMO) Linux distro full of vulnerability-laden components. This space is in dire need of a minimal security-from-the-ground-up alternative with a real trustworthy update story.
I admit I'm not super deeply familiar, but I would have guessed the opposite - that openwrt had no extra software included, not least because it's targeting devices where total disk and RAM are measured in megabytes. What components would you remove/replace that make it "giant"?
wtallis•41m ago
The only thing that can reasonably be called "giant" about OpenWRT is the package repository: it has a decent package manager like you'd expect to find on a desktop Linux distro, and it can be used to add functionality to your router, including a fair bit of stuff that goes well beyond what is typically used on routers. But the default install set is not giant, and is typical of what you'd expect for a wireless router.
charcircuit•1h ago
Is there a way to prove that a device claiming to run OpenWrt is actually running it and not a modified, compromised version of it?
briansmith•1h ago
Pretty much all the routers that are targeted by the ban would be OpenWrt derivatives, AFAICT. It’s basically the Android of routers, except without the Google resources.
Google Wifi is one of the main lines that aren’t based on OpenWrt.
I don’t operate any OpenWrt-based devices.
charcircuit•1h ago
> see the Librem 5 (USA) for example
I always assumed it was priced outrageously to have a big enough margin to start fulfilling the preorders and refund requests from the original Kickstarter. The device does not sell very many units so it won't benefit from bulk pricing.