WPA password strength (or the role of special characters in WPA passphrases)

It is a good security practice to use a long passphrase in WPA Personal protected wifi networks. WPA Personal is also known as WPA-PSK (pre-shared key). The strength offered by WPA-PSK is related to the strength of the passphrase, so that it cannot be easily guessed, either because it is a very short one or because it is a very predictible one. This is the reason why many of us opted to use up to 63 random printable ASCII characters, recurring to sites providing that such as www.grc.com.

Life was fun when we had one, maybe two, wireless computers at home. We inserted the damned long passphrase (certainly after several attempts!) and off we go.

Soon our homes started to have new wireless-enabled inhabitants (smartphones, tablets, e-book readers and and and). In most of these new devices, it is not so straight forward to insert a 63 character long random printable ASCII chain. In some cases, some of those special ASCII characters are not even present in the suite of keyboards (via a physical board or displayed on screen) that these wireless devices offer.

Should we then decrease the complexity of our WPA passphrase or not? This is obviously a possible strategy, however sometimes you need to go and change your WPA settings manually in many devices. This takes time. Another alternative is to get the "strange character" via copy and paste or a similar short cut.

A third possible way is the following: If you are lucky, some of those new devices that do not allow typing "strange ASCII characters" on them allow the insertion of the 64-digit hexadecimal key that corresponds to your passphrase and your SSID. This is the case for Amazon kindle devices. You can code yourself the algorithm to obtain the 64 digit long hexadecimal key or you can use this site, or even only the Javascript code that it contains, by a software developer from the Netherlands.

Reaching this point of this post, you would wonder, and what has happened to the strength and complexity of my 63 character long random printable ASCII chain if it can be replaced by a 64 digit long hexadecimal key? it turns out that the WPA-PSK passphrase strength resides only on the entropy it displays. That's about it!

Keep randomness in your life ;-)!




0 comments: