May 14 2007

How to derive 256 bit WPA-PSK key from pass phrase entered by the User

Published by at 2:47 am under Security,WIFI

WPA-PSK key need to be 256 bits in lenght. Somesoftware, allow the user to enter 256 Key directly by allowing to enter 64 Hexadecimal numbers. But many of them asks for a pass phrase that are between 8 to 63 character in lenght and then convert it into 256 bit Keylength.

This article briefly mentions how this is done.

A key derivation function named PBKDF2 from RSA securities is been standardised by the Wifi alliance for deriving the key from pass phrase.

To know more about the PBKDF2 click RFC2898

PBKDF2 hashes with the SSID of the Access point that we want to join to produce the 256 bit key. The hash function used is SHA1-HMAC. SHA1 computes a 160 bit hash function. And HMAC creates the Message authentication function.

The SHA1-HMAC is iterated over 4096 time to produce the Key. To know more about SHA1 click SHA1 RFC. To knoe more about HMAC, clickHMAC RFC

The Algorithm from top level looks as follows

key = PBKDF2( Pass phrase, SSID, Interation count = 4096, Key length = 256 )

Hope this helps some one.

No responses yet