Posted: Thu Dec 31, 2020 16:42 Post subject: FAQ/Guide for SHA256 / CCMP-256 and WPA3
I am currently using WPA2 CCMP-128 (AES) for wireless encryption. I have seen over time that additional security has been enabled for DD-WRT in general such as SHA256 and CCMP-256. I thought maybe I should be looking at using these instead but I cannot seem to find any guides or FAQs specific to this area. Am I just not finding them?
I'd also like to know specifically about using WPA2 SHA256 and CCMP-256 with WDS networks. Can the WDS network itself use this if the clients that connect to the STAs do not? What are the "rules" if you will?
Also, what is the current state of WPA3 with DD-WRT? It seemed that for a while it was mostly experimental but some time has passed.
Thanks, I didn't realize that WPA3 was still that limited. I did some research on some of my client adapters and sure enough, ther is no support for WPA3. So for now, I'm going to sort of just ignore WPA3.
As far as my clients, I have a pretty good mix of old and new including Linux, Windows, Android, iOT, Rokus etc. so this is likely a limiting factor. I don't use 5Ghz because range is an issue so my Wifi network is purely 2.4Ghz and set to 'N only' on all APs and stations (I have a total of 6 APs).
How does backward compatibility work with DD-WRT? So in other words if I enable WPA2 and WPA2 with SHA-256 as well as enable CCMP-128/CCMP-256/GCMP/GCMP-256 will the clients use the highest level they can and if not will fall back to a lower level?
I was reading somewhere that CCMP-256 and GCMP-256 were only used for a 802.11AC network however DD-WRT gives me these options to select. Is GCMP strictly for WPA3 only?
Hi all. Does anyone know how this works? I could test this myself if I could figure out a way to tell which level of WPA algorithm was being used. All I can tell is that it is using WPA2-PSK. Is there a way I can find out additional detail to see the WPA algorithm?
One other thing specific to DD-WRT, since both the WDS AP and the WDS Station are both running DD-WRT does this mean that the communication between them would be able to use CCMP-256 and the clients could use it if supported but if not supported fall-back to CCMP-128?