09-18-2009 01:04 AM - edited 07-03-2021 06:03 PM
Hi Sir,
I've customer enabling WPA-PSK using the longest characters (up to 63) instead of the minimum 8. Will it cause any performance degradation on the wireless LAN. Can anyone share further technical information on WPA-PSK?
Thanks.
Delon
09-18-2009 08:53 AM
Hi Delon,
There should be no performance degradation. It can only affect CPU, and Cisco APs use hardware to perform it so no CPU cycles are required. You want to use at least 25 characters anyway to prevent dictionary attacks. Using 63 is definitely not necessary, but if peace of mind is important then there's nothing wrong with it.
Please be sure to use AES encryption and not TKIP. TKIP uses the same encryption cipher as WEP, and it has recently been exploited.
Jeff
09-27-2009 10:04 PM
Hi jeff,
if i am not mistaken, all wireless frames transmitted will be encrypted with the long key right? does having these long key will practically makes the frame longer?
09-28-2009 07:33 AM
Hi Maldin,
Great question! The AES key is actually always 256-bits, regardless of what ASCII string was used as a seed. If you ever notice your Cisco device say that you can either enter a 64-bit Hex or 8-63 character ASCII string, it's because you have the option of inputting the key directly (64 hex = 256-bits) or indirectly using a complicated algorithm with your string as a base.
So regardless of what size string you use, the key will always be 256-bits. Using a short string simply allows for dictionary attacks against your key. Shorter keys aren't inherently weaker within the AES algorithm, nor do longer keys increase your packet size.
Great discussion question. Let me know if you have anything else to discuss :)
Jeff
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: