What is a WEP Passphrase

Secure WLAN through WPA and 802.11i, part 3

WPA with passphrase

WPA fundamentally relies on the handshake described in the previous section. The user never has to define TKIP or Michael keys manually. For environments without a RADIUS server to issue the master secret (smaller companies or home users), WPA therefore provides the PSK method in addition to authentication via a RADIUS server.

The user must enter a passphrase of between eight and 32 characters on both the access point and all stations. The master secret is calculated from this passphrase, together with the SSID in use, by means of a hash process. The master secret is therefore constant in such a PSK network. However, the nonces ensure that the resulting TKIP keys still differ.

In a PSK network, as with WEP, both access protection and confidentiality depend on the passphrase not falling into unauthorized hands. As long as this is guaranteed, WPA-PSK offers significantly higher security against break-ins and eavesdropping than any WEP variant. For larger installations in which such a passphrase would have to be made known to a large number of users, EAP / 802.1x is used in conjunction with the key handshake described here.

LANCOM Systems has closed this potential security gap with the LEPS feature (LANCOM Enhanced Passphrase Security). Without a complicated and expensive server infrastructure, each client is assigned an individual passphrase, tied to its MAC address, through its entry in the ACL (Access Control List). This makes company-wide passphrases, and the risks associated with them, unnecessary.