Wi-Fi is a Passion


PSK Authentication

In the blog about EAP we discussed that EAP is a very secure (depending on the method you use) authentication mechanism. Using EAP as authentication is also called WPA/WPA2 – enterprise. As the name said, you should use this all the time in enterprise environments. Another option is pre-shared keys (PSK) which is called WPA/WPA2 – Personal. Again, as the name said, you should use this in personal environment, like SOHO (Small Office Home Office). A RADIUS server, that is needed for EAP authentication, is most of the time beyond the skill for SOHO environments.

A pre-shared key uses a passphrase, an ASCII character string that is between 8 characters and 63 characters. After filling in this passphrase, a passphrase to PSK mapping finds place. The PSK is made by a hashing function named PBKDF2 (Password-Based Key Derivation Function 2). This function uses the passphrase, SSID and ssidLength. This will be hashed 4096 times to create a 256-bit PSK. PBKDF2 (PassPhrase, SSID, ssidLength, 4096, 256). Why not use the PSK instead of the passphrase? Most home users cannot remember a PSK, and if they use the PSK most of the time they will write this down. 256-bit is a 64-character string that is hard to remember. It is advisable to use at least a 20-character string, but most users use the minimum of an 8-character string.

The PSK is used as the pairwise master key (PMK) that is used for the 4-way handshake. The disadvantages of PSK is that all the clients have the same key, and as well the same PMK. PMKs in an environment with EAP have unique PMKs. When a hacker has the passphrase, through social engineering for example, and knowing the SSID, it is easy to re-create the PSK. There are online PSK generators. A hacker with the PSK, that is equal to the PMK, can derive the PTK. The pairwise transit key is created by the Authenticator Nonce (ANonce), Supplicant Nonce (SNonce), Authenticator Address (AA) and the Supplicant Address (SPA). All that information is in clear text when you capture some frames from the 4-way handshake. With the PTK you can decrypt all the encrypted unicast traffic. With this being said, you have directly the weaknesses of PSK (WPA/WPA2-Personal). Having the passphrase, you can derive the decryption key for the encrypted files. Gaining this passphrase can happen through social engineering (for example, simply asking the employees) or with dictionary attacks with tools like AirCrack-ng.

Password strength is based on the entropy of the possible outcomes. Entropy is a measurement of how certain an outcome is. To calculate the entropy, you do LOG2(N), where the N is the number of outcomes. For example, throwing a die has an outcome of 6 and if you calculate LOG2(6) the entropy will be 2.58. If you bring this back to passphrase, how secure they are, you come to the following information.
- Only numbers (0-9) = LOG2(10) = 3.32 bits per character.
- Lower case (a-z) = LOG2(26) = 4.7 bits per character.
- Lower, upper case and numbers = LOG2(62) = 5.95 bits per character.
- If you add symbols to this as well = LOG2(94) = 6.55 bits per character.

According to what is written in the 802.11i-2004 amendment, a passphrase has typically 2.5 bits per character. The formula for the strength of a key is 2.5n + 12, where n is the amount of characters in the passphrase. So, an 8-character passphrase is (2.5*8) + 12, which is 32 bits of entropy. The passphrase will still be a 256-bit PSK with 8 to 63 characters.

The question now is, what is a secure entropy for a password? Wi-Fi alliance recommends a passphrase with 20 characters or more. 20 characters have an entropy of 62 bits. Current security best practices recommend a minimum of 96 bits of entropy would be safe, but this number will be higher in the future. 96 bit means (96 – 12 = 84, 84 / 2.5 = 33.6), so at least a passphrase of 34 characters.