PSK strength

26 posts by 10 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: July 1, 2011:
  • Sirkozz, where do set the limit for client power? DTPC is enabled - does that take care of it?

  • Andy I don?t see a lot of Intermec devices, and see even less deployed with Cisco AP?s so the solution I gave you is just for autonomous, I think pico-cell settings will allow you to adjust for this? You might want to give Intermec a call on this for the specifics?

    Good Luck!!!

  • Update: We changed the passphrase length from 63 to 20 and have not had any complaints from the Intermec users after a week of testing with the PSK WLAN enabled. Its not a hard proof but it appears these devices were severely affected by the longer passphrase even though it was on a different SSID.


  • They must be resetting/recalculating their keys on an extrememly short schedule. Recomputing the PMK, from the passphrase, and reprovisioning all the devices could be using up a lot of bandwidth - which [i]might [/i]take longer with longer passphrases.

    But overall, I don't think this really makes sense - the phenomonen that is.

  • Hey Andy,

    Interesting problem! Thanks for having the courage to share it out so that we can all learn from it.

    I tend to agree with Wlanman; it doesn't seem logical to me that shortening the passphrase would have had any effect. Any change in processing speed or bw seems it would have been beyond negligible or nonexistant. The passphrase is going to still get converted to a 256 bit PSK regardless of the initial passphrase length, using the same process.

    Were there any other variables that you may have changed at the same time?

    I guess another possibility is that some of your old legacy devices may have had passphrase length restrictions?

    If you ever uncover the root cause (ie was it your legacy devices, key regeneration time, some other factor that may have been changed at the same time, something else) I'd be interested to hear what you found. Realize it's probably not in your priority queue if you've already got the durned thing working. ;) (Good job!)


  • Are all their devices Wi-Fi Certified? They test for incompatibilites in this area.

Page 3 of 3