3

I have a passphrase and I want to generate 128bit or 256bit WEP key from that. Any pointers or links will be helpful on how to generate WEP key from a plain text.

Jyotiska
  • 255
  • 3
  • 15
  • 3
    Why would you **EVER** use WEP?! It is almost as insecure as no encryption at all! If you want security you **MUST** use WPA! – ThiefMaster Jan 12 '13 at 12:06
  • Here's both: [`(void *)0`](http://en.wikipedia.org/wiki/Cryptographic_hash_function). – Kerrek SB Jan 12 '13 at 12:06
  • 2
    @ThiefMaster: The OP didn't say she wants to use WEP. She only wants to create a WEP **key**. – Kerrek SB Jan 12 '13 at 12:07
  • @ThiefMaster There might just be some algorithmic curiosity at play here. Though the OP might indeed be equally interested in reading about its flaws. The Wikipedia page on WEP might be a decent starting point for that. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy – Bart Jan 12 '13 at 12:14

2 Answers2

2

Hopefully the original poster has found the answer by now but I for one found this information SHOCKINGLY difficult to come by as it's beyond deprecated. As mentioned repeatedly, in this thread and others, WEP is horribly unsecure but for some reason nobody is willing to give a straight answer otherwise and there are a lot of suggestions to go learn something else.

To the original question, the 128-bit key is an MD5 hash of a 64-byte string. This 64-byte string is the ASCII pass phrase repeated over and over then truncated at 64-bytes. In SQL Server for instance, this would appear as,

SELECT CAST(HASHBYTES('MD5', LEFT(REPLICATE(@phrase, CEILING(64.0 / LEN(@phrase))), 64)) AS varbinary(13))
Alton XL
  • 635
  • 6
  • 18
0

Start by reading about Key Derivation Functions. High quality modern KDFs are scrypt, bcrypt and PBKDF2. All of them have open source implementations.

For PBKDF2, you can specify the length of the derived key. For scrypt, you can pick the first N bits of the output and use them as the key.

The most straightforward way of doing this without using a KDF is to concatenate your passphrase with a 24 bit IV (initialization vector) and form an RC4 key.

Mind that WEP combines your key and IV to seed an RC4 stream which keys the data stream; for this reason, WEP has a number of shortcomings, which make it unable to provide adequate data confidentiality. You can read more about it by following the Wikipedia page links.

Do NOT use a cryptographic hash as a derived key.

Michael Foukarakis
  • 39,737
  • 6
  • 87
  • 123