Last Post: July 1, 2011:
Hi. Does anyone know if using a 63 character ASCII passphrase for WPA2-PSK would cause any problems as opposed to using a much shorter key? Like taking up the AP's resources, for example. Also, do longer keys require more packets than short keys? If so, what's an ideal length?
Don't confuse passphrases with keys, or for that matter passphrase lengths with key lengths.
Keys get produced from the passphrases, and are always the same length. The catch is that longer/better passphrases will produce "better" keys. (and be harder to guess).
Look up how "rainbow tables" and default router parameters can be used to hack wireless networks.
PS: I believe that the currently recommended passphrase minimum length is 20 characters, and something not found in ANY dictionary.
I once made a customer's passphrase "Idonthavewingsbutmyairplanehas2".
I was confusing passphrases and keys, thanks! So the passphrase is never sent across the air, only the key that is generated from it?
And it's mixed with other elements to make it a connection dependent key. Multiple devices may use the same Passphrase, but each connection pair will have different encryption keys.
The passphrase-to-PSK mapping formula is used to change an 8-63 character ASCII passphrase into a 256-bit PSK, which is used as the PMK to generate encryption keys.
Passphrase (8-63 character ASCII) -> 256-bit PSK -> 256-bit PMK -> PTK
Remember wlanman's sentence: "The catch is that longer/better passphrases will produce "better" keys. (and be harder to guess)."
I think I saw a calculation once on the time taken for a computer to crack passphrases, and it was something ridiculous once you got above a certain number of characters. Longer = better.
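The passphrase -> PSK/PMK -> PTK chain described in the posts above, as an added example that is not part of the original thread. It uses the WPA2-Personal mapping from IEEE 802.11i (PBKDF2-HMAC-SHA1 salted with the SSID) and the 802.11i PRF; the SSIDs, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Passphrase -> 256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    """PMK -> PTK: 802.11i PRF over both MAC addresses and both handshake nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out, counter = b"", 0
    while len(out) < length:
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
        counter += 1
    return out[:length]

def demo() -> dict:
    # Constructed sample values; real nonces are random per handshake.
    ssid = "ExampleWLAN"
    short_psk = psk_from_passphrase("8charpwd", ssid)
    long_psk = psk_from_passphrase("A" * 21 + "b" * 21 + "C" * 21, ssid)  # 63 chars
    # Same passphrase, different SSID: the salt changes the PSK, so a
    # precomputed table only applies to the SSID it was built for.
    other_ssid_psk = psk_from_passphrase("8charpwd", "OtherWLAN")
    ap = bytes.fromhex("020000000001")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk_sta1 = ptk_from_pmk(long_psk, ap, bytes.fromhex("020000000010"), anonce, snonce)
    ptk_sta2 = ptk_from_pmk(long_psk, ap, bytes.fromhex("020000000011"), anonce, snonce)
    return {
        "psk_bits": (len(short_psk) * 8, len(long_psk) * 8),  # both 256
        "ssid_changes_psk": short_psk != other_ssid_psk,
        "per_station_ptk_differs": ptk_sta1 != ptk_sta2,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The PSK is computed once per passphrase/SSID pair, so the passphrase length has no effect on the size of the keys used afterwards.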
Thanks everyone! I'm troubleshooting an issue where, ever since I added a WLAN to the controller-based APs that uses a 63 char passphrase for WPA2-PSK, devices on a different WLAN (using WPA2, 802.1x PEAP) are having intermittent connectivity problems in multiple locations. I'm wondering if maybe the new PSK WLAN is taking up the APs/controller resources to the point where the EAP conversations are timing out.
Prior to this new WLAN, the other WLANs were only using WPA2 802.1x or Open auth. When I added the PSK WLAN I disabled another so there are the same number of WLANs as there were before the problem started.
I've heard that some Macs will only support a 62 char passphrase.
As far as connectivity issues, the passphrase has nothing to do with intermittent connectivity. It's either right, or wrong.
As a side note, how many devices do you have on this PSK network?
Just fishing, but for the heck of it:
1. What types of devices are the clients?
2. What channels are you using, and are you having co-channel interference issues?
3. What are your WPA key refresh settings?
And are your WLANs truly separate LANs, or do they share subnets or VLANs?
@GTHill - currently only 20 test devices, potentially 350 in the future. In case you're wondering, I have the ability to change the passphrases with remote management software.
1. handheld computers for barcode scanning
2. 1, 6, 11. Yes, there is definitely co-channel interference with omni antennas in the warehouses. I often see channel utilization up around 50-70%. Channels are set dynamically. We still have all data rates enabled, so beacons travel far. I had a demo of AirMagnet WiFi Analyzer running a couple of weeks ago and it showed over 99% of traffic was 1 Mbps.
3. I'm not sure where this is configured, but we have the WLAN "Session timeout" set to 8 hours. Is this the same thing?
Most WLANs are on separate virtual interfaces and VLANs. There are 2 that share the same, out of 9 WLANs.