WPA key calculation

From passphrase to hexadecimal key

A wireless network with WPA-PSK encryption requires a passphrase (the pre-shared key) to be entered to get access to the network. Most wireless drivers accept the passphrase as a string of at most 63 characters, and internally convert the passphrase to a 256-bit key. However, some software also allows the key to be entered directly in the form of 64 hexadecimal digits. It is therefore occasionally useful to be able to calculate the 64-digit hexadecimal key that corresponds to a given passphrase.

This page explains how WPA software computes the hexadecimal key from the passphrase and the network SSID. The form below demonstrates this calculation for any given input.

[Interactive form: input fields "Network SSID" and "WPA passphrase", buttons Calculate and Test, output field "Hexadecimal key"]

How to use the form

Enter the network SSID string (at most 32 alphanumeric characters) and the passphrase (at least 8 and at most 63 ASCII characters) in the form above and click Calculate. Make sure that you don't accidentally type space characters before/after the string. The derived key will appear in the form as a sequence of 64 hexadecimal digits.

The Test button can be used to check that your web browser computes the correct result for a sample case. Testing is recommended, since a broken Javascript engine may compute incorrect key values. A number of popular web browsers have been tested, and all of them seem to work correctly.

A word about entering passwords on web forms

Of course, blindly entering your SSID and passphrase in a web form would be quite stupid indeed. However, this particular form is safe because it does not send any data over the network; all calculations are done in Javascript on your own computer.

Please don't even take my word for it. Instead, download this webpage to your computer, look through the HTML code to make sure I don't play any tricks, then open the downloaded page in your browser and use it.

Details of the calculation

For WPA-PSK encryption, the binary key is derived from the passphrase according to the following formula, where the SSID serves as the salt, 4096 is the iteration count and 256 is the length of the output key in bits:

  Key = PBKDF2(passphrase, ssid, 4096, 256)

The function PBKDF2 is a standardized method to derive a key from a passphrase. It is specified in RFC2898 with a clear explanation of how to compute it. The function needs an underlying pseudorandom function. In the case of WPA, the underlying function is HMAC-SHA1.

SHA1 is a function that computes a 160-bit hash from an arbitrary amount of input data. It is clearly explained in RFC3174. HMAC is a standardized method to turn a cryptographic hash function into a keyed message authentication function. It is specified in RFC2104.

To summarize, the key derivation process involves iterating an HMAC-SHA1 function 4096 times to produce one 160-bit block, and then doing that again (with a different block index appended to the SSID) to produce a second block; the first 256 bits of the two blocks together form the key.


2006-12-06 Joris van Rantwijk