How to calculate WPA Hexkey?

Aruba Employee

Would it be possible to configure both passphrase & hexkey for an SSID?
If both passphrase & hexkey are configured for a PSK SSID, which will take precedence?
If an SSID profile has a hexkey configured, can the corresponding passphrase be used by a client to connect?

 

Environment Information : This article applies to all Aruba controllers and code versions.

 

Related Links:

http://www.wireshark.org/tools/wpa-psk.html

http://www.ietf.org/rfc/rfc6070.txt

 

 

Because human-configured passphrases are vulnerable, pre-shared key based RSN derives a hex value from the passphrase. This is done by the PBKDF2 function, which is defined as follows:

DK = PBKDF2(P, S, c, dkLen) where


DK == Derived key
PBKDF2 == Password-Based Key Derivation Function
P == Password
S == Salt
c == Iteration count
dkLen == Length of derived key in octets



For WPA it becomes


DK = PBKDF2(passphrase, ssid, 4096, 256)

PBKDF2 uses HMAC-SHA1 for WPA.



We can derive the WPA hexkey from the passphrase and SSID values. Several tools are available for this (example: the Wireshark key generator).

Example :

passphrase == top-secret

SSID == aruba-ap


[Image: rtaImage.png]

The same operation carried out for the passphrase "new-secret" gives:

[Image: rtaImage.png]


Aruba OS gives us the option to configure either the passphrase or the hexkey. If both are configured, the hexkey takes precedence.

[Image: rtaImage.png]



Here we configured the passphrase as top-secret and the hexkey for new-secret. The hexkey takes precedence, and clients will be able to connect to this SSID using the hexkey or the passphrase "new-secret".
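
The derivation and the precedence behaviour described above, as an added example in Python (not part of the original article and not Aruba code): it computes the hexkey with PBKDF2-HMAC-SHA1 and checks which passphrase a configured hexkey corresponds to. The function names and the input checks (8-63 printable ASCII characters, SSID of 1-32 octets) are assumptions of this example, and the 256 in the formula is treated as bits, so the derived key is 32 octets (64 hex digits).

```python
import hashlib
import hmac


def wpa_hexkey(passphrase: str, ssid: str) -> str:
    """Derive the WPA hexkey: PBKDF2(passphrase, ssid, 4096, 256 bits)."""
    pw = passphrase.encode("ascii")   # non-ASCII input raises ValueError
    salt = ssid.encode("utf-8")       # the SSID octets are the salt
    if not 8 <= len(pw) <= 63 or any(b < 32 or b > 126 for b in pw):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 octets")
    # c = 4096 iterations, dkLen = 32 octets (256 bits), PRF = HMAC-SHA1
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32).hex()


def passphrase_matches_hexkey(passphrase: str, ssid: str, hexkey: str) -> bool:
    """True if a client typing `passphrase` ends up with the configured hexkey."""
    configured = bytes.fromhex(hexkey)
    if len(configured) != 32:
        raise ValueError("hexkey must be 64 hex digits")
    derived = bytes.fromhex(wpa_hexkey(passphrase, ssid))
    return hmac.compare_digest(derived, configured)


if __name__ == "__main__":
    ssid = "aruba-ap"
    # Profile from the article: passphrase top-secret, hexkey derived from new-secret.
    configured_hexkey = wpa_hexkey("new-secret", ssid)
    print("hexkey for new-secret:", configured_hexkey)
    for candidate in ("top-secret", "new-secret"):
        ok = passphrase_matches_hexkey(candidate, ssid, configured_hexkey)
        print(f"{candidate!r} on {ssid!r}:", "matches hexkey" if ok else "does not match")
    # The SSID is the salt, so the same hexkey no longer corresponds to
    # "new-secret" once the SSID name changes ("aruba-ap2" is a constructed name).
    print(passphrase_matches_hexkey("new-secret", "aruba-ap2", configured_hexkey))
```

Because the SSID is the salt, a hexkey computed for one SSID name stops corresponding to its passphrase when the SSID is renamed.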

Version history
Revision #: 1 of 1
Last update: 07-10-2014 12:12 PM