diff --git a/docs/software/TODO.md b/docs/software/TODO.md
index 1c6714e84..c4769c2ef 100644
--- a/docs/software/TODO.md
+++ b/docs/software/TODO.md
@@ -6,19 +6,19 @@ You probably don't care about this section - skip to the next one.
 
 * DONE call RouterPlugin for *all* packets - not just Router packets
 * generate channel hash from the name of the channel+the psk (not just one or the other)
+* send a hint that can be used to select which channel to try and hash against with each message
 * DONE remove deprecated
 * DONE fix setchannel in phoneapi.cpp
 * DONE set mynodeinfo.max_channels
 * DONE set mynodeinfo.num_bands (formerly num_channels)
 * DONE fix sniffing of non Routing packets
-* enable remote setttings access by moving settings operations into a regular plugin (move settings ops out of PhoneAPI)
+* DONE enable remote setttings access by moving settings operations into a regular plugin (move settings ops out of PhoneAPI)
 * DONE move portnum up?
 * DONE remove region specific builds from the firmware
 * restrict settings operations to the admin channel
 * add gui in android app for setting region
 * "FIXME - move the radioconfig/user/channel READ operations into SettingsMessage as well"
-* scrub protobufs to make sure they are absoloute minimum wiresize (in particular packets, ChannelSets and positions)
-* send a hint that can be used to select which channel to try and hash against with each message
+* DONE scrub protobufs to make sure they are absoloute minimum wiresize (in particular Data, ChannelSets and positions)
 * change syncword
 * allow chaning packets in single transmission - to increase airtime efficiency and amortize packet overhead
 * DONE move most parts of meshpacket into the Data packet, so that we can chain multiple Data for sending when they all have a common destination and key.
diff --git a/proto b/proto
index 649c3deb7..7db1c2edb 160000
--- a/proto
+++ b/proto
@@ -1 +1 @@
-Subproject commit 649c3deb71d1780416fac5db33ad3c957c0278b6
+Subproject commit 7db1c2edb2e62e90b1f297be2f11aff0df35330a
diff --git a/src/mesh/Channels.cpp b/src/mesh/Channels.cpp
index 510510ca3..dc1383bdf 100644
--- a/src/mesh/Channels.cpp
+++ b/src/mesh/Channels.cpp
@@ -74,18 +74,23 @@ void initDefaultChannel(size_t chIndex)
 
 /** Given a channel index, change to use the crypto key specified by that index
  */
-void setCrypto(size_t chIndex)
+void Channels::setCrypto(size_t chIndex)
 {
-
     assert(chIndex < devicestate.channels_count);
     Channel *ch = devicestate.channels + chIndex;
     ChannelSettings &channelSettings = ch->settings;
+    assert(ch->has_settings);
 
     memset(activePSK, 0, sizeof(activePSK)); // In case the user provided a short key, we want to pad the rest with zeros
     memcpy(activePSK, channelSettings.psk.bytes, channelSettings.psk.size);
     activePSKSize = channelSettings.psk.size;
-    if (activePSKSize == 0)
-        DEBUG_MSG("Warning: User disabled encryption\n");
+    if (activePSKSize == 0) {
+        if(ch->role == Channel_Role_SECONDARY) {
+            DEBUG_MSG("Unset PSK for secondary channel %s. using primary key\n", ch->settings.name);
+            setCrypto(primaryIndex);
+        } else
+            DEBUG_MSG("Warning: User disabled encryption\n");
+    }
     else if (activePSKSize == 1) {
         // Convert the short single byte variants of psk into variant that can be used more generally
 
@@ -134,7 +139,7 @@ void Channels::onConfigChanged()
             primaryIndex = i;
     }
 
-    setCrypto(0); // FIXME: for the time being (still single channel - just use our only channel as the crypto key)
+    setCrypto(primaryIndex); // FIXME: for the time being (still single channel - just use our only channel as the crypto key)
 }
 
 Channel &Channels::getChannel(size_t chIndex)
diff --git a/src/mesh/Channels.h b/src/mesh/Channels.h
index 5654fb1f2..ec64cd49b 100644
--- a/src/mesh/Channels.h
+++ b/src/mesh/Channels.h
@@ -45,6 +45,35 @@ their nodes
 
     /// called when the user has just changed our radio config and we might need to change channel keys
     void onConfigChanged();
+
+    /** Given a channel hash setup crypto for decoding that channel (or the primary channel if that channel is unsecured)
+     * 
+     * This method is called before decoding inbound packets
+     * 
+     * @return false if no suitable channel could be found.
+     */
+    bool setCryptoByHash(uint8_t channelHash);
+
+    /** Given a channel index setup crypto for encoding that channel (or the primary channel if that channel is unsecured)
+     * 
+     * This method is called before encoding inbound packets
+     * 
+     * @eturn the (0 to 255) hash for that channel - if no suitable channel could be found, return -1
+     */
+    int16_t setCryptoByIndex(uint8_t channelIndex);
+
+private:
+    /** Given a channel index, change to use the crypto key specified by that index
+     */
+    void setCrypto(size_t chIndex);
+
+    /** Return the channel index for the specified channel hash, or -1 for not found */
+    int8_t getChannelIndexByHash(uint8_t channelHash);
+
+    /** Given a channel number, return the (0 to 255) hash for that channel 
+     * If no suitable channel could be found, return -1
+    */
+    int16_t getChannelHash(size_t channelNum);    
 };
 
 /// Singleton channel table
diff --git a/src/mesh/generated/deviceonly.pb.h b/src/mesh/generated/deviceonly.pb.h
index 47ffe2ae3..b8c372664 100644
--- a/src/mesh/generated/deviceonly.pb.h
+++ b/src/mesh/generated/deviceonly.pb.h
@@ -80,7 +80,7 @@ extern const pb_msgdesc_t DeviceState_msg;
 #define DeviceState_fields &DeviceState_msg
 
 /* Maximum encoded size of messages (where known) */
-#define DeviceState_size                         6225
+#define DeviceState_size                         6119
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/src/mesh/generated/mesh.pb.h b/src/mesh/generated/mesh.pb.h
index d29f6c86b..873e0aa2f 100644
--- a/src/mesh/generated/mesh.pb.h
+++ b/src/mesh/generated/mesh.pb.h
@@ -119,20 +119,20 @@ typedef enum _LogRecord_Level {
 /* Struct definitions */
 typedef PB_BYTES_ARRAY_T(32) ChannelSettings_psk_t;
 typedef struct _ChannelSettings {
-    int32_t tx_power;
+    int8_t tx_power;
     ChannelSettings_ModemConfig modem_config;
     ChannelSettings_psk_t psk;
     char name[12];
-    uint32_t bandwidth;
+    uint16_t bandwidth;
     uint32_t spread_factor;
-    uint32_t coding_rate;
-    uint32_t channel_num;
+    uint8_t coding_rate;
+    uint8_t channel_num;
     uint32_t id;
     bool uplink_enabled;
     bool downlink_enabled;
 } ChannelSettings;
 
-typedef PB_BYTES_ARRAY_T(240) Data_payload_t;
+typedef PB_BYTES_ARRAY_T(237) Data_payload_t;
 typedef struct _Data {
     PortNum portnum;
     Data_payload_t payload;
@@ -230,7 +230,7 @@ typedef struct _User {
 } User;
 
 typedef struct _Channel {
-    uint32_t index;
+    uint8_t index;
     bool has_settings;
     ChannelSettings settings;
     Channel_Role role;
@@ -240,7 +240,7 @@ typedef PB_BYTES_ARRAY_T(256) MeshPacket_encrypted_t;
 typedef struct _MeshPacket {
     uint32_t from;
     uint32_t to;
-    uint32_t channel_index;
+    uint8_t channel_index;
     pb_size_t which_payloadVariant;
     union {
         Data decoded;
@@ -249,7 +249,7 @@ typedef struct _MeshPacket {
     uint32_t id;
     uint32_t rx_time;
     float rx_snr;
-    uint32_t hop_limit;
+    uint8_t hop_limit;
     bool want_ack;
     MeshPacket_Priority priority;
 } MeshPacket;
@@ -770,17 +770,17 @@ extern const pb_msgdesc_t AdminMessage_msg;
 #define User_size                                72
 #define RouteDiscovery_size                      40
 #define Routing_size                             47
-#define Data_size                                258
-#define MeshPacket_size                          302
-#define ChannelSettings_size                     95
-#define Channel_size                             105
+#define Data_size                                255
+#define MeshPacket_size                          294
+#define ChannelSettings_size                     87
+#define Channel_size                             94
 #define RadioConfig_size                         308
 #define RadioConfig_UserPreferences_size         305
 #define NodeInfo_size                            130
 #define MyNodeInfo_size                          89
 #define LogRecord_size                           81
 #define FromRadio_size                           317
-#define ToRadio_size                             305
+#define ToRadio_size                             297
 #define AdminMessage_size                        311
 
 #ifdef __cplusplus
diff --git a/src/mesh/generated/portnums.pb.h b/src/mesh/generated/portnums.pb.h
index 3ddd806ea..4e9203db1 100644
--- a/src/mesh/generated/portnums.pb.h
+++ b/src/mesh/generated/portnums.pb.h
@@ -24,13 +24,14 @@ typedef enum _PortNum {
     PortNum_STORE_FORWARD_APP = 65,
     PortNum_RANGE_TEST_APP = 66,
     PortNum_PRIVATE_APP = 256,
-    PortNum_ATAK_FORWARDER = 257
+    PortNum_ATAK_FORWARDER = 257,
+    PortNum_MAX = 511
 } PortNum;
 
 /* Helper constants for enums */
 #define _PortNum_MIN PortNum_UNKNOWN_APP
-#define _PortNum_MAX PortNum_ATAK_FORWARDER
-#define _PortNum_ARRAYSIZE ((PortNum)(PortNum_ATAK_FORWARDER+1))
+#define _PortNum_MAX PortNum_MAX
+#define _PortNum_ARRAYSIZE ((PortNum)(PortNum_MAX+1))
 
 
 #ifdef __cplusplus