Deriving of Preshared key in EAP-PSK method

Piotr Zawadzki pzawadzki at polsl.pl
Wed Nov 29 13:29:27 EST 2006


Dnia środa, 29 listopada 2006 15:23, Ravi Kishore Singh napisał:
> Hello Hostap,
> I have one question regarding Preshared key that is used if we
> choose EAP-PSK as our EAP method::
>
> Do we need to enter 16 byte PSK manually as input for this method.
> It seems cumbersome. As Peer and Server should have same PSK, so
> there must be some standard mechanism which can generate PSK (same at both
> ends) from a set of user inputs provided at both ends.
>
> Ravi!!
According to the example in distributed wpa_supplicant.conf you can enter
a shared secret as hexadecimal key value or as text password.

network={
        ssid="example"
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40
        psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
        priority=2
}
network={
        ssid="second ssid"
        scan_ssid=1
        psk="very secret passphrase"
        priority=2
}
In the second case the key is derived with the pseudorandom function build 
around SHA-1, if I correctly recall. However, entering shared secrets as text 
makes 4-way handshake vulnerable to dictionary attack if you choose weak/bad 
password.

-- 
Piotr Zawadzki, Silesian University of Technology
retrieve public key from http://www.keyserver.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20061129/32116dc6/attachment.pgp 


More information about the HostAP mailing list