Re: WPA-PSK

Unanswered Question
Sep 18th, 2009
User Badges:

Hi Sir,


I've customer enabling WPA-PSK using the longest characters (up to 63) instead of the minimum 8. Will it cause any performance degradation on the wireless LAN. Can anyone share further technical information on WPA-PSK?


Thanks.

Delon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jeff.kish Fri, 09/18/2009 - 08:53
User Badges:
  • Silver, 250 points or more

Hi Delon,


There should be no performance degradation. It can only affect CPU, and Cisco APs use hardware to perform it so no CPU cycles are required. You want to use at least 25 characters anyway to prevent dictionary attacks. Using 63 is definitely not necessary, but if peace of mind is important then there's nothing wrong with it.


Please be sure to use AES encryption and not TKIP. TKIP uses the same encryption cipher as WEP, and it has recently been exploited.


Jeff

maldin Sun, 09/27/2009 - 22:04
User Badges:

Hi jeff,


if i am not mistaken, all wireless frames transmitted will be encrypted with the long key right? does having these long key will practically makes the frame longer?

jeff.kish Mon, 09/28/2009 - 07:33
User Badges:
  • Silver, 250 points or more

Hi Maldin,


Great question! The AES key is actually always 256-bits, regardless of what ASCII string was used as a seed. If you ever notice your Cisco device say that you can either enter a 64-bit Hex or 8-63 character ASCII string, it's because you have the option of inputting the key directly (64 hex = 256-bits) or indirectly using a complicated algorithm with your string as a base.


So regardless of what size string you use, the key will always be 256-bits. Using a short string simply allows for dictionary attacks against your key. Shorter keys aren't inherently weaker within the AES algorithm, nor do longer keys increase your packet size.


Great discussion question. Let me know if you have anything else to discuss :)


Jeff

Actions

This Discussion