Would it be possible to configure both passphrase & hexkey for an SSID?
If both passphrase & hexkey are configured for a PSK SSID; which will take precedence?
If SSID profile has Hexykey configured, can the corresponding passphrase be used by a client to conenct?
Environment Information : This article applies to all Aruba controllers and code versions.
Related Links: http://www.wireshark.org/tools/wpa-psk.html
Due to the vulnerable nature of human-configured Passphrases; pre-shared key based RSN derives
a hex value out of the passphrase. This is done by a function called PBKDF2 function and is defined as below
DK =PBKDF2 (P, S, c, dkLen) where
DK == Derrived key
PBKDF2 == Password-Based Key Derivation Function
P == Password
S == Salt
c == Iteration count
dkLen == Length of derived key in octet
For WPA it becomes
DK = PBKDF2(passphrase, ssid, 4096, 256)
PBKDF2 uses Hmac-SHA1 for WPA.
We can derive the WPA-Hexkey from passphrase & SSID values. Several tools are available to achieve this function. (Example : Wireshark Key Generator) .
passphrase == top-secret
SSID == aruba-ap
Same operation when carried for passphrase "new-secret" is
Aruba OS gives us an option to configure either passphrase or the hexkey. If both are configured; then Hexkey will take precedence.
Here we configured passphrase as top-secret and hexkey for new-secret. Hexkey takes precedence and clients will be able to connect to this ssid using the hexkey or passphrase " new-secret".