FAQ/Guide for SHA256 / CCMP-256 and WPA3

Laithan
DD-WRT User


Joined: 01 Sep 2018
Posts: 63

Posted: Thu Dec 31, 2020 16:42    Post subject: FAQ/Guide for SHA256 / CCMP-256 and WPA3
I am currently using WPA2 CCMP-128 (AES) for wireless encryption. I have seen over time that additional security has been enabled for DD-WRT in general such as SHA256 and CCMP-256. I thought maybe I should be looking at using these instead but I cannot seem to find any guides or FAQs specific to this area. Am I just not finding them?

I'd also like to know specifically about using WPA2 SHA256 and CCMP-256 with WDS networks. Can the WDS network itself use this if the clients that connect to the STAs do not? What are the "rules" if you will?

Also, what is the current state of WPA3 with DD-WRT? It seemed that for a while it was mostly experimental but some time has passed.

Thank you in advance
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5919
Location: Romerike, Norway

Posted: Fri Jan 01, 2021 18:57
Atheros drivers have WPA3, but not Broadcom.
It all boils down to client compatibility.
Laithan
DD-WRT User


Joined: 01 Sep 2018
Posts: 63

Posted: Fri Jan 01, 2021 23:26
Thanks, I didn't realize that WPA3 was still that limited. I did some research on some of my client adapters and sure enough, there is no support for WPA3. So for now, I'm going to sort of just ignore WPA3.

As far as my clients, I have a pretty good mix of old and new including Linux, Windows, Android, IoT, Rokus etc., so this is likely a limiting factor. I don't use 5GHz because range is an issue, so my Wi-Fi network is purely 2.4GHz and set to 'N only' on all APs and stations (I have a total of 6 APs).

How does backward compatibility work with DD-WRT? In other words, if I enable WPA2 and WPA2 with SHA-256 as well as enable CCMP-128/CCMP-256/GCMP/GCMP-256, will the clients use the highest level they can and, if not, fall back to a lower level?

I was reading somewhere that CCMP-256 and GCMP-256 were only used for an 802.11ac network; however, DD-WRT gives me these options to select. Is GCMP strictly for WPA3 only?

Info here is very limited https://wiki.dd-wrt.com/wiki/index.php/Wireless_security#AES-based_CCMP





Laithan
DD-WRT User


Joined: 01 Sep 2018
Posts: 63

Posted: Fri Jan 08, 2021 23:07
Hi all. Does anyone know how this works? I could test this myself if I could figure out a way to tell which level of WPA algorithm was being used. All I can tell is that it is using WPA2-PSK. Is there a way I can find out additional detail to see the WPA algorithm?

One other thing specific to DD-WRT: since the WDS AP and the WDS Station are both running DD-WRT, does this mean that the communication between them would be able to use CCMP-256, and the clients could use it if supported but, if not supported, fall back to CCMP-128?

Thank you
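
An added example, not part of the original thread and not DD-WRT code: the cipher and key-management choices discussed here are advertised by an AP in the RSN element of its beacons, and a client's association request carries the one pairwise cipher and AKM it selected. The Python below decodes such an element from a packet capture; the function names are hypothetical, both sample byte strings are constructed, and the suite numbers are the IEEE 802.11 assignments under OUI 00-0F-AC.

```python
import struct

OUI_IEEE = bytes.fromhex("000fac")          # IEEE 802.11 suite OUI
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {2: "PSK", 6: "PSK-SHA256", 8: "SAE"}  # SAE is the WPA3-Personal AKM

# Constructed sample: RSN element as an AP might advertise it in a beacon.
AP_RSN = bytes.fromhex("301c0100000fac040200000fac04000fac0a0200000fac02000fac068000")
# Constructed sample: RSN element from a client's association request.
CLIENT_RSN = bytes.fromhex("30140100000fac040100000fac040100000fac020000")

def _name(selector, table):
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    oui, kind = selector[:3], selector[3]
    if oui != OUI_IEEE:
        return f"vendor-{oui.hex()}:{kind}"
    return table.get(kind, f"unknown:{kind}")

def _suite_list(body, off, table):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list runs past the element")
    return [_name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn(element):
    """Decode element ID 48 (RSN) up to and including RSN Capabilities."""
    if len(element) < 2 or element[0] != 48:
        raise ValueError("not an RSN element")
    body = element[2:2 + element[1]]
    if len(body) != element[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    if struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm,
            "mfp_capable": bool(caps & 0x0080), "mfp_required": bool(caps & 0x0040)}

if __name__ == "__main__":
    print("AP advertises:", parse_rsn(AP_RSN))
    print("Client chose: ", parse_rsn(CLIENT_RSN))
```

Comparing the AP's list with the single suite in each client's association request shows which clients took the stronger option and which fell back.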
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6934
Location: Netherlands

Posted: Wed Jan 13, 2021 13:54
Broadcom also seems to have it. I have it enabled on my R6400v1 and can connect with my phone (but the phone is using WPA2). I do not have any WPA3 clients to test.





_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
All times are GMT
