Why is the WPA2-PSK key length limited to 63 characters?

StackOverflow https://stackoverflow.com/questions/18006390

  •  04-06-2022
  •  | 
  •  

Question

I wonder why there is a limit of just 63 characters for the passphrase of WPA2-PSK. It's not even a power of two and looks very unusual to me, but surely there's some deeper meaning to this number.

Was it helpful?

Solution

The PSK is derived from the passphrase using PBKDF2 key derivation function with SHA1 as the pseudo random function. The passphrase is an 8-63 character ASCII encoded string.

PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)

The PSK is 32 bytes (256 bits), often displayed as 64 hex characters.

According to the 802.11i specification:

A pass-phrase is a sequence of between 8 and 63 ASCII-encoded characters. The limit of 63 comes from the desire to distinguish between a pass-phrase and a PSK displayed as 64 hexadecimal characters.

So the difference is just to distinguish a 64 hex character PSK from a 8-63 character ASCII passhprase.

OTHER TIPS

Looking around the web, it looks like WPA2 takes 64 characters. In any event, each character is 8 bits long which is an easy number to store. My educational guess is that they just needed a cutoff number.

63 chars terminated with an 0-byte (which is quite usual while programming strings in microprocessors) makes a length of 64. And that's a number you're looking for: it is not only a power of 2, but also of 8 and 16.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top