Wpa-psk Pre-shared Key Generator

Introduction

This document describes a sample configuration for Wireless Protected Access (WPA) and WPA2 with a pre-shared key (PSK).

  • Mar 24, 2007 The upshot: While wpa-psk will keep out casual wardrivers, a determined intruder, given enough time, can always hack into your network. If you use a poor passphrase (like, oh, 'passphrase'), a dictionary attack could render your wpa-psk useless in 30 seconds.
  • Under Security Options, select WPA-PSK (Wi-Fi Protected Access Pre-Shared Key). Under Security Encryption (WPA-PSK) Passphrase, enter a passphrase. The passphrase may either be a string of 64 hexadecimal digits, or a word/phrase of 8-63 ASCII characters. SAVE or KEEP NOTE of the passphrase - it will be required to connect wirelessly to your.
  • Dec 27, 2015 Understanding WPA/WPA2 Pre-Shared-Key Cracking. The few weaknesses inherent within the authentication handshake process for WPA/WPA2 PSKs have been known for a long time. This blog post does not serve anything that is new or has not been previously seen in the wild or conference talks and actually references other sites (such as RFCs.
  • Contact your system support person. The person who set up your network usually keeps the WEP key or WPA/WPA2 preshared key/passphrase. If your wireless network was set up by your Internet Service Provider (ISP), then you might find the information in the documentation they provided.
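How the two accepted key forms quoted above map to the 256-bit pre-shared key, as an added example (not code from the original page or from Cisco): per IEEE 802.11i, a passphrase is stretched with PBKDF2-HMAC-SHA1 salted only by the SSID, so the strength of the key rests on the passphrase itself. The function name `wpa_psk` and the sample SSID are hypothetical.

```python
import hashlib
import string

# Passphrase characters allowed by IEEE 802.11i: printable ASCII 0x20-0x7E.
PRINTABLE_ASCII = {chr(c) for c in range(0x20, 0x7F)}


def wpa_psk(key_material: str, ssid: str) -> bytes:
    """Return the 32-byte WPA/WPA2 PSK for either accepted input form."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")

    # Form 1: 64 hexadecimal digits are the 256-bit key itself, used as-is.
    if len(key_material) == 64 and all(c in string.hexdigits for c in key_material):
        return bytes.fromhex(key_material)

    # Form 2: an 8-63 character ASCII passphrase is stretched with
    # PBKDF2-HMAC-SHA1 (4096 iterations, 32-byte output), SSID as the salt.
    if not 8 <= len(key_material) <= 63:
        raise ValueError("passphrase must be 8-63 characters, or 64 hex digits")
    if any(c not in PRINTABLE_ASCII for c in key_material):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", key_material.encode("ascii"), ssid_bytes, 4096, 32
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(wpa_psk("correct-Horse-7-battery", "LabSSID").hex())
```

Because the SSID is the only salt, the same passphrase on a differently named network yields a different key, while the same passphrase and SSID always yield the same one.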

One of the more common issues identified during Wireless Network assessments is that organisations often utilise Pre-Shared-Keys (PSKs) for authentication, despite usually having relatively strong configurations for encryption.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Familiarity with the GUI or the command-line interface (CLI) for the Cisco IOS® software
  • Familiarity with the concepts of PSK, WPA, and WPA2

Components Used

The information in this document is based on Cisco Aironet 1260 Access Point (AP) that runs Cisco IOS Software Release 15.2JB.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Configuration with GUI

This procedure describes how to configure WPA and WPA2 with a PSK in the Cisco IOS software GUI:

  1. Set up the Encryption Manager for the VLAN defined for the Service Set Identifier (SSID). Navigate to Security > Encryption Manager, ensure Cipher is enabled, and select AES CCMP + TKIP as the cipher to be used for both SSIDs.
  2. Enable the correct VLAN with the encryption parameters defined in Step 1. Navigate to Security > SSID Manager, and select the SSID from the Current SSID List. This step is common for both WPA and WPA2 configuration.
  3. In the SSID page, set Key Management to Mandatory, and check the Enable WPA checkbox. Select WPA from the drop-down list in order to enable WPA. Enter the WPA Pre-shared Key.
  4. Select WPA2 from the drop-down list in order to enable WPA2.

Configuration with CLI

Notes:
Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.
The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.

This is the same configuration done within the CLI:

Verify

In order to confirm that the configuration works properly, navigate to Association, and verify that the client is connected:

You can also verify the client association in the CLI with this syslog message:

Troubleshoot

Note: Refer to Important Information on Debug Commands before you use debug commands.

Use these debug commands in order to troubleshoot connectivity issues:

  • debug dot11 aaa manager keys - This debug shows the handshake that occurs between the AP and the client as the pairwise transient key (PTK) and group transient key (GTK) negotiate.
  • debug dot11 aaa authenticator state-machine - This debug shows the various states of negotiations that a client passes through as the client associates and authenticates. The state names indicate these states.
  • debug dot11 aaa authenticator process - This debug helps you diagnose problems with negotiated communications. The detailed information shows what each participant in the negotiation sends and shows the response of the other participant. You can also use this debug in conjunction with the debug radius authentication command.
  • debug dot11 station connection failure - This debug helps you determine if the clients are failing the connection and helps you determine the reason for failures.

WiFi Protected Access Pre-Shared Key (WPA-PSK) Complexity Configuration on the WAP121 and WAP321 Access Points

Objective

Wi-Fi Protected Access (WPA) is one of the security protocols used for wireless networks. Compared with the Wired Equivalent Privacy (WEP) security protocol, WPA has improved authentication and encryption features. If WPA is configured on the AP, a WPA Pre-Shared Key (PSK) is chosen to securely authenticate clients. When WPA-PSK Complexity is enabled, complexity requirements for the key used in the authentication process can be configured. More complex keys provide increased security.

This article explains how to configure WPA-PSK Complexity on the WAP121 and WAP321 access points.

Applicable Devices

• WAP121
• WAP321

Software Version

• 1.0.3.4

WPA-PSK Complexity Configuration

Step 1. Log in to the web configuration utility and choose System Security > WPA-PSK Complexity. The WPA-PSK Complexity page opens:

Step 2. Check the Enable check box in the WPA-PSK Complexity field to enable the AP to check new WPA-PSK keys for complexity.

Step 3. Choose the minimum number of character classes that must be represented in the key string from the WPA-PSK Minimum Character Class drop-down list. The four possible character classes are uppercase letters, lowercase letters, numbers, and the special characters available on a standard keyboard.

Step 4. (Optional) To require a different key when the current key expires, check the Enable check box in the WPA-PSK Different From Current field. Uncheck the Enable check box to allow the user to reenter the previous key when the current key expires.

Step 5. Enter the maximum length that the pre-shared key can be in the Maximum WPA-PSK Length field. The value ranges from 32 to 63.

Step 6. Enter the minimum length that the pre-shared key can be in the Minimum WPA-PSK Length field. The value ranges from 8 to 16.

Step 7. Click Save to save the settings.
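The complexity rules configured in Steps 2 to 6, expressed as an offline check for candidate keys before they are entered on the AP. This is an added example, not the WAP121/WAP321 firmware's own logic: the names `PskPolicy` and `check_psk`, the default values, and the use of `string.punctuation` for "special characters" are assumptions.

```python
import string
from dataclasses import dataclass


@dataclass
class PskPolicy:
    min_classes: int = 3             # WPA-PSK Minimum Character Class (assumed default)
    min_length: int = 12             # Minimum WPA-PSK Length, page range 8-16
    max_length: int = 63             # Maximum WPA-PSK Length, page range 32-63
    differ_from_current: bool = True  # WPA-PSK Different From Current

    def __post_init__(self):
        # Reject policies outside the ranges the page gives for each field.
        if not 0 <= self.min_classes <= 4:
            raise ValueError("there are only four character classes")
        if not 8 <= self.min_length <= 16:
            raise ValueError("minimum length must be 8-16")
        if not 32 <= self.max_length <= 63:
            raise ValueError("maximum length must be 32-63")


def character_classes(key: str) -> int:
    """Count how many of the four character classes appear in the key."""
    return sum([
        any(c in string.ascii_uppercase for c in key),
        any(c in string.ascii_lowercase for c in key),
        any(c in string.digits for c in key),
        any(c in string.punctuation for c in key),  # assumed special-character set
    ])


def check_psk(key: str, policy: PskPolicy, current_key=None) -> list:
    """Return a list of policy violations; an empty list means the key passes."""
    problems = []
    if len(key) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if len(key) > policy.max_length:
        problems.append(f"longer than {policy.max_length} characters")
    if character_classes(key) < policy.min_classes:
        problems.append(f"fewer than {policy.min_classes} character classes")
    if policy.differ_from_current and current_key is not None and key == current_key:
        problems.append("same as the current key")
    return problems


if __name__ == "__main__":
    # Constructed sample keys, not taken from any real network.
    for candidate in ("passphrase", "correct-Horse-7-battery"):
        print(candidate, check_psk(candidate, PskPolicy()))
```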