32

I wonder why there is a limit of just 63 characters for the passphrase of WPA2-PSK. It's not even a power of two and looks very unusual to me, but surely there's some deeper meaning to this number.

ph4nt0m
  • 948
  • 4
  • 10
  • 23
  • 1
    The encryption key may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits. The maximum length results in 256 bit strength, which is what 64 digits (8 bits each) multiplied by 4 bits/digit yields. – neo Oct 23 '13 at 05:46

3 Answers3

53

The PSK is derived from the passphrase using PBKDF2 key derivation function with SHA1 as the pseudo random function. The passphrase is an 8-63 character ASCII encoded string.

PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)

The PSK is 32 bytes (256 bits), often displayed as 64 hex characters.

According to the 802.11i specification:

A pass-phrase is a sequence of between 8 and 63 ASCII-encoded characters. The limit of 63 comes from the desire to distinguish between a pass-phrase and a PSK displayed as 64 hexadecimal characters.

So the difference is just to distinguish a 64 hex character PSK from a 8-63 character ASCII passhprase.

Dominic Gifford
  • 816
  • 7
  • 7
-3

Looking around the web, it looks like WPA2 takes 64 characters. In any event, each character is 8 bits long which is an easy number to store. My educational guess is that they just needed a cutoff number.

Brad
  • 21
  • 3
-4

63 chars terminated with an 0-byte (which is quite usual while programming strings in microprocessors) makes a length of 64. And that's a number you're looking for: it is not only a power of 2, but also of 8 and 16.

Jeroen
  • 725
  • 5
  • 4