Wiki: Wi-Fi: Encryption

Talk about Documentation
1

The Wiki entry about basic Wi-Fi mentions the option encryption, of course. However, its description does not mention all possible values. Only at the end of that Wiki entry, there is a list of the possible values.

Idea A:
What about linking that list of values where the option encryption is described?

Idea B:
Or what about moving that list of possible values from the Wiki entry basic Wi-Fi to the existing Wiki entry about Wi-Fi encryption?

One more thing:
The Wiki entry about Wi-Fi encryption mentions WPA (TKIP). However, my recent tests with OpenWrt 19.07 revealed, psk enables not the cipher TKIP but just CCMP. WPA with CCMP is a possible combination but a bit uncommon. I do not think that was intended by that example. Therefore, what about changing that line to mention TKIP explicitly:

uci set wireless.@wifi-iface[0].encryption=psk+tkip

For consistency, I would do the same for WPA2 (CCMP):

uci set wireless.@wifi-iface[0].encryption=psk2+ccmp

However, what about moving the first generation WPA section all the way down to WEP because, as the initial section mentions, only WPA2 (CCMP) is considered secure. Or replacing that WPA-only section with a WPA/WPA2-mixed example: psk-mixed+tkip+ccmp. I think, that would be more useful for potential readers.

One more, more thing:
The Wiki entry about basic Wi-Fi talks about the abbreviation MPF. I guess that stands for ‘Management Frame Protection’. However, many call it ‘Protected Management Frames’ (PMF). What about mentioning both abbreviations and mention ieee80211w='1' (optional) in the WPA2-PSK example in the Wiki entry about Wi-Fi encryption? I think, that should be the default starting point nowadays for interested readers.

Yes, all this is explained via the Web interface LuCI. However, both Wiki entries target those without LuCI going directly for UCI.

What do you think? @takimata @bobafetthotmail @JW0914

2

I'm a bit confused as to why are you asking/tagging me. I never even so much as touched that wiki page, and honestly I don't have an opinion either way.

1 Like
3

Ok, I have implemented a slightly changed idea A. I have moved the "none" and the few "wep" options down in the encryption table, and renamed it from WPA mode to "encryption mode" since now it's listing all possible values of the encryption option.

As for the more thing I don't know about what is best for default for WPA, I think it's OK to move WPA down as it's been more or less obsolete for ages now. I also think it's ok to list a WPA/WPA2-mixed example, but no deletion of WPA examples. We still have the examples and documentation for WEP which is absolute garbage, the point of the wiki is to tell how to do something, we should not hide information from the user. Just add some warnings about how they are bad and obsolete and should be used ONLY for specific purposes.

As for the "more more thing" Yes I agree about that. Also I think the WPA3 configuration examples are missing too and should be added.

If you want to do this yourself but you don't have a wiki account already, you can send a PM to me or tmomas with your email and your chosen username for the wiki and we can register an account for you.

2 Likes
4

Either mixed or psk+tkip. But not psk+ccmp, which psk created for me.

The question is, how many examples does one need. Those must be maintained. LuCI offers those new values and via the button ‘unsaved changes’ one can see the UCI command.

5

Yes you already told me. By "I don't know" I meant "I have no opinion about it, either is good".

One per type should be enough (so one example for WPA3 and at least one for WPA3 Enterprise). I don't think there is much maintenance required given what this stuff is, just add new examples on top as new standards appear and old standards become outdated.

1 Like