After reading this article on Ars Technica I started looking for a way to enable an encrypted, yet passwordless public network. It is probably not possible due to specifications which require a certain number of characters and OSs complying with them, but what about accepting any password?
It will most definitely require custom scripting or even modifying the sources, so I've chosen OpenWRT to try this out. The relevant sources can be found here and here, which are used for building the wpad, hostpad and wpa-supplicant packages. By default OpenWRT uses wpad-mini (suffix mini means an absence of the WPA Enterprise support).
One of my thoughts was to also try WPA Enterprise for this purpose. Would it be possible to write a simple script to mimic the Radius server response, being always positive, as if credentials were correct?
Another aspect of this question is security. If accepting any password was possible, wouldn't it mean that anyone could trick my device to connect to an AP with the same name, as say, I use at home, and have control over the traffic? This can be a very serious issue and it is better to talk about it publicly than just pretending that if we don't publish a way to do this, no one else will do the same on black markets or in governments.
upd: Would it be possible to use a simple captive portal to 'negotiate' encryption, ideally, without any user interaction apart of opening the page? Naturally, it won't be WPA. Here is a good list of captive portal solutions for OpenWRT. A precaution: with the current OS-level implementations this wouldn't prevent leaking unencrypted data before the negotiation happens. But since OSs already recognize captive portals and display notifications, it should be possible to add a security feature to prevent any data transfers before passing the captive portal.