cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
583
Views
0
Helpful
3
Replies

Re: WPA-PSK

c.ong
Level 1
Level 1

Hi Sir,

I've customer enabling WPA-PSK using the longest characters (up to 63) instead of the minimum 8. Will it cause any performance degradation on the wireless LAN. Can anyone share further technical information on WPA-PSK?

Thanks.

Delon

3 Replies 3

jeff.kish
Level 7
Level 7

Hi Delon,

There should be no performance degradation. It can only affect CPU, and Cisco APs use hardware to perform it so no CPU cycles are required. You want to use at least 25 characters anyway to prevent dictionary attacks. Using 63 is definitely not necessary, but if peace of mind is important then there's nothing wrong with it.

Please be sure to use AES encryption and not TKIP. TKIP uses the same encryption cipher as WEP, and it has recently been exploited.

Jeff

Hi jeff,

if i am not mistaken, all wireless frames transmitted will be encrypted with the long key right? does having these long key will practically makes the frame longer?

Hi Maldin,

Great question! The AES key is actually always 256-bits, regardless of what ASCII string was used as a seed. If you ever notice your Cisco device say that you can either enter a 64-bit Hex or 8-63 character ASCII string, it's because you have the option of inputting the key directly (64 hex = 256-bits) or indirectly using a complicated algorithm with your string as a base.

So regardless of what size string you use, the key will always be 256-bits. Using a short string simply allows for dictionary attacks against your key. Shorter keys aren't inherently weaker within the AES algorithm, nor do longer keys increase your packet size.

Great discussion question. Let me know if you have anything else to discuss :)

Jeff

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: