Mastering the Use of Wi-Fi Network Security Keys

Chaos Computer Club 29C3 (2012)
Chaos Computer Club 29C3 (2012).

One essential aspect of setting up Wi-Fi wireless connection setups is to enable security with the correct settings. If these settings are misconfigured, Wi-Fi devices can fail to connect to the local network (else security may not actually be turned on).

Although there are a few steps involved in configuring security on a Wi-Fi network, the management of wireless keys turns out to be the most important.

These keys are digital passwords (sequences of letters and/or digits, technically called a "string") that all devices on a network need to know in order to connect with each other. In particular, all devices on a local Wi-Fi network share a common key.

Rules for Making Wi-Fi Keys

Setting up security on a Wi-Fi network router, wireless hotspot or client device involves choosing from among a list of security options and then entering a key string that the device stores away. Wi-Fi keys exist in two basic forms:

  • ASCII – a sequence of letters and/or decimal numbers
  • hex – a sequence of hexadecimal numbers

Hex keys (strings like '0FA76401DB', without the quotes) are the standard format that Wi-Fi devices understand. ASCII keys are also called passphrases because people often choose easy-to-remember words and phrases for their keys, like 'ilovewifi' or 'hispeed1234'. Note that some Wi-Fi devices support only hex keys and will either disallow entering passphrase characters or report an error when trying to save a passphrase.

Wi-Fi devices convert both ASCII and hex keys into binary numbers that become the actual key value used by the Wi-Fi hardware to encrypt data sent over the wireless link.

The most common security options used for home networking include 64-bit or 128-bit WEP (not recommended due to its inferior level of protection), WPA and WPA2).

Some restrictions on the choice of Wi-Fi key depend on the option chosen as follows:

  • 64-bit WEP - passphrases must be exactly 5 ASCII characters; keys must be exactly 10 hexadecimal digits
  • 128-bit WEP - passphrases must be exactly 13 ASCII characters; keys must be exactly 26 hexadecimal digits
  • WPA and WPA2 – passphrases must be between 8 and 63 ASCII characters; keys must be 64 hex digits

Follow these additional rules that apply to all of the above options when making Wi-Fi keys:

  • 1. Choose keys larger than the minimum length if possible. Longer keys are more difficult to be compromised, although they are also much more difficult for people to remember.

    2. Because all of the above Wi-Fi options use case-sensitive keys, ensure that shared keys match exactly including the use of lower- and upper-case letters.

Synchronizing Keys Across Local Devices

The simplest method to ensure all devices on a home or local network are correctly configured with the same Wi-Fi key is to first set a key for the router (or another access point) and then systematically update each client one by one to use the matching string. Exact steps for applying a Wi-Fi key to a router or other device vary slightly depending on the specific hardware involved, but as a general rule:

  • enter keys into the router’s administration page for wireless settings
  • enter keys into a client device through its Settings app or operating system control panel

See also - How to Configure WPA Wireless Security in Windows

 

Finding Keys for Routers and Hotspots

Because the sequence of numbers and letters in a Wi-Fi can be long, it's fairly common to mistype the value or simply forget what it is. To find the key string currently in use for a wireless home network, log into the local router as an administrator and look up the value from the appropriate console page. As a device cannot authenticate with the router unless it already has the correct key, connect a device to the router via Ethernet cable if necessary.

Some home routers come from the manufacturer with a Wi-Fi security option already turned on and a default key pre-installed on the device. These routers typically have a sticker on the bottom of the unit showing the key string. While these keys are private and generally safe to use within a home, the stickers enable anyone inside a home to see its network settings and join additional client devices to the network without an owner’s knowledge. To avoid this risk, some prefer to override the key on such routers with a different string immediately when first installing them.