WPA key calculation

From passphrase to hexadecimal passkey

A wireless network with WPA-PSK encryption requires a passphrase (the pre-shared key) to be entered to get access to the network. Most wireless drivers accept the passphrase as a string of at most 63 characters, and internally convert the passphrase to a 256-bit key. However, some software also allows the key to be entered directly in the form of 64 hexadecimal digits. It is therefore occasionally useful to be able to calculate the 64-digit hexadecimal key that corresponds to a given passphrase. We have found that some wireless routers do not work well with a passphrase entered on a station, and it may be more compatible to use the hexadecimal passkey instead.

This page explains how WPA software computes the hexadecimal key from the passphrase and the network SSID.

The form below demonstrates this calculation for any given input.

Network SSID (up to 32 characters):
WPA passphrase (8 to 63 characters):
   
Hexadecimal passkey (64 digits):                                                                 

How to use the form

Enter the network SSID string (at most 32 alphanumeric characters) and the passphrase (at least 8 and at most 63 ASCII characters) in the form above and click Calculate. Make sure that you don't accidentally type space characters before/after the string. The derived key will appear in the form as a sequence of 64 hexadecimal digits.

Note that the calculation is quite slow. Please wait for a response...

The Test button can be used to check that your web browser computes the correct result for a sample case (SSID = linksys54gh and passphrase = radiustest). The resulting passkey should be 9e9988bde2cba74395c0289ffda07bc41ffa889a3309237a2240c934bcdc7ddb. Testing is recommended, since a broken Javascript engine may compute incorrect key values. A number of popular web browsers have been tested, and all of them seem to work correctly.

A word about entering passwords on web forms

Of course, blindly entering your SSID and passphrase in a web form compromises your security. However, this particular form is safe because it does not send any data over the network; all calculations are done in Javascript on your own computer. You can also save a copy of this page to your local computer and run it from there if you want to be even safer.

Details of the calculation

For WPA-PSK encryption, the binary key is derived from the passphrase according to the following formula:

  Key = PBKDF2(passphrase, ssid, 4096, 256)

The function PBKDF2 is a standardized method to derive a key from a passphrase. It is specified in RFC2898 with a clear explanation on how to compute it. The function needs an underlying pseudorandom function. In the case of WPA, the underlying function is HMAC-SHA1.
SHA1 is a function that computes a 160-bit hash from an arbitrary amount of input data. It is clearly explained in RFC3174. HMAC is a standardized method to turn a cryptographic hash function into a keyed message authentication function. It is specified in RFC2104.

To summarize, the key derivation process involves iterating an HMAC-SHA1 function 4096 times, and then doing that again to produce more key bits, because a single HMAC-SHA1 output is only 160 bits and the key needs 256. The amount of computation involved is equivalent to computing the SHA1 hash over 1 MByte of data. Perhaps that explains why the Javascript on this page is so slow.
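
The calculation can also be reproduced offline. The following Python sketch is an added example, not the Javascript used by this page: it computes the key with the standard library's PBKDF2 and again with the two HMAC-SHA1 chains written out by hand. The function names are illustrative, the UTF-8 encoding of the SSID is an assumption, and the self-check vector (SSID IEEE, passphrase password) is the published IEEE 802.11i test vector rather than a value from this page.

```python
import hashlib
import hmac
import struct

ITERATIONS = 4096   # iteration count fixed by WPA-PSK
KEY_BYTES = 32      # 256-bit key, i.e. 64 hexadecimal digits
SHA1_BYTES = 20     # one HMAC-SHA1 output is only 160 bits


def _encode(ssid, passphrase):
    """Apply the length limits stated on this page and return (salt, password)."""
    if not (8 <= len(passphrase) <= 63 and passphrase.isascii()):
        raise ValueError("passphrase must be 8 to 63 ASCII characters")
    salt = ssid.encode("utf-8")  # assumption: SSID bytes are its UTF-8 encoding
    if len(salt) > 32:
        raise ValueError("SSID must be at most 32 bytes")
    return salt, passphrase.encode("ascii")


def wpa_psk(ssid, passphrase):
    """Key = PBKDF2(passphrase, ssid, 4096, 256) via the standard library."""
    salt, password = _encode(ssid, passphrase)
    return hashlib.pbkdf2_hmac("sha1", password, salt, ITERATIONS, KEY_BYTES).hex()


def wpa_psk_manual(ssid, passphrase):
    """The same key with PBKDF2 written out as two HMAC-SHA1 chains."""
    salt, password = _encode(ssid, passphrase)
    key = b""
    block = 1
    while len(key) < KEY_BYTES:
        # U1 = HMAC(password, salt || big-endian block index); Ui = HMAC(password, U(i-1))
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        acc = int.from_bytes(u, "big")
        for _ in range(ITERATIONS - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            acc ^= int.from_bytes(u, "big")  # block output is the XOR of all Ui
        key += acc.to_bytes(SHA1_BYTES, "big")
        block += 1
    return key[:KEY_BYTES].hex()  # 2 x 160 bits, truncated to 256


if __name__ == "__main__":
    # Published IEEE 802.11i test vector (not a value from this page).
    assert wpa_psk("IEEE", "password") == (
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    # The page's sample case; compare the output with the value quoted above.
    print(wpa_psk_manual("linksys54gh", "radiustest"))
```

Running the script prints the key for the sample case used by the Test button, so the result can be checked without typing the passphrase into a browser.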