Has anyone figured out a way around the 63 byte passkey limit?

// Expert user has replied.
D Daniel Teeters 3 years 7 months ago
1 4 0

I have a customer who's corporate policy requires a 64 byte AES passkey.    We have a 63 byte limit on the MC70, has anyone figured out a way around this?

Please Register or Login to post a reply

4 Replies

D Daniel Teeters

This is my problem, the hospital is using laptops and they are presented with the following screen:

Enter a WPA key for your Wireless network.

The WPA (or Wi-Fi Protected Access) key must meet one of the following guidelines;

- Between 8 and 63 characters

- Exactly 64 characters using 0-9 and A-F

They are using 64 Hex characters

Do we have any way to enter this on the MC70?

D David Meyer

Daniel, No, we do not have any way to do that on the MC70, but I would recommend opening a custom product request because the feature is certainly feasible -- it just would require someone to come up with an estimate and get the right resource to add the feature. -Dave

A Alexandre Silva

Hi Daniel
WPA and 802.11i provide a Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment. Each station MAY have its own PSK, tied to its MAC address. When the PSK is a passphrase, the PMK is derived from the passphrase as follows:

PMK = PBKDF2(passphrase, ssid, ssidLength, 4096, 256)

Where the PBKDF2 method is from PKCS #5 v2.0: Password-based Cryptography Standard. This means that the concatenated string of the passphrase, SSID, and the SSIDlength is hashed 4096 times to generate a value of 256 bits. The lengths of the passphrase and the SSID have little impact on the speed of this operation.

If ASCII is used, the hash function reduces the key to 256 bits.

 

When a PSK is used instead of 802.1X, the PSK is the Pairwise Master Key (PMK) that is used to drive the 4-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy.

 

ASCII Passphrase  is an alphanumeric string of 8 to 63 characters. The alphanumeric string allows character spaces. The switch converts the string to a numeric value. This passphrase saves the administrator from entering the 256-bit key each time keys are generated.

Fusion 3.x allows you to enter the 256 bits Key direclty (using a hexadecimal value (and not an ASCII passphrase).  You will have to enter 16 hexadecimal digits into each of the four fields displayed (16 x 4 = 64 hexadecimal digits) As far as I am aware Fusion 3.x is available only for MPA 1.5 (MC55, MC75, VC609X), MPA 2 (MC95, MC3190) and few ADC products. I am not aware of any "workaround" this for TNT 1.0 (photon based products, like the MC70).  The last version of Fusion for these products is 2.57.x.

D David Meyer

Hi Daniel, I assume that Alex is right, and you are actually referring to a 256-bit key rather than the up-to-63 character ASCII passphrase.  Fusion on MPA 1.0 devices does not have this ability.  If this is what you need, you should open a custom product request and get this added as a custom product. -Dave

CONTACT
Can’t find what you’re looking for?