Deriving of Preshared key in EAP-PSK method

Piotr Zawadzki pzawadzki at
Wed Nov 29 13:29:27 EST 2006

Dnia środa, 29 listopada 2006 15:23, Ravi Kishore Singh napisał:
> Hello Hostap,
> I have one question regarding Preshared key that is used if we
> choose EAP-PSK as our EAP method::
> Do we need to enter 16 byte PSK manually as input for this method.
> It seems cumbersome. As Peer and Server should have same PSK, so
> there must be some standard mechanism which can generate PSK (same at both
> ends) from a set of user inputs provided at both ends.
> Ravi!!
According to the example in distributed wpa_supplicant.conf you can enter
a shared secret as hexadecimal key value or as text password.

        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40
        ssid="second ssid"
        psk="very secret passphrase"
In the second case the key is derived with the pseudorandom function build 
around SHA-1, if I correctly recall. However, entering shared secrets as text 
makes 4-way handshake vulnerable to dictionary attack if you choose weak/bad 

Piotr Zawadzki, Silesian University of Technology
retrieve public key from
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 

More information about the HostAP mailing list