Is key length important when using WPA-PSK Encryption ?

The default key that came with my DSL modem/router/switch is 10 characters
long. I was planning to change the key and make it longer, but a DSL tech
support person with my ISP indicated a longer key wouldn't be any more secure
than a 10 digit key and that a longer key could/would cause my home network
to slow down because of unnecessary overhead. Is this tech on top of his
game?
--
So much to learn... So little time.

In simple words NO!

The longer the key the more secure it is. Short keys in WPA can make it less
secure than WEP!

--
David Hettel

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

DISCLAIMER: This posting is provided "AS IS" with no warranties, and
confers no rights


"Roughneck" <(E-Mail Removed)> wrote in message
news:9F29C778-632C-4CC4-B1A8-(E-Mail Removed)...
> The default key that came with my DSL modem/router/switch is 10 characters
> long. I was planning to change the key and make it longer, but a DSL tech
> support person with my ISP indicated a longer key wouldn't be any more
> secure
> than a 10 digit key and that a longer key could/would cause my home
> network
> to slow down because of unnecessary overhead. Is this tech on top of his
> game?
> --
> So much to learn... So little time.

Thanks for the reply, David.

Would a 10 character key be considered a "short" key?

Is there any consensus or generally accepted rules in regards to how many
characters would be needed in a key for it to be considered
poor/fair/good/better/best? (I'm assuming the key does not consist of any
words or combination of words that could be found in a dictionary.)

Is there a point at which the benefit from increasing the number of
characters might begin to fall off and/or begin to adversely affect network
traffic?

I assume there's a limit as to the number of characters that can be used in
a key. If so, do you know what it is?

Thanks so much for any additional help you can give.
--
So much to learn... So little time.


"David Hettel" wrote:

> In simple words NO!
>
> The longer the key the more secure it is. Short keys in WPA can make it less
> secure than WEP!
>
> --
> David Hettel
>
> Please post any reply as a follow-up message in the news group
> for everyone to see. I'm sorry, but I don't answer questions
> addressed directly to me in E-mail or news groups.
>
> Microsoft Most Valuable Professional Program
> http://mvp.support.microsoft.com
>
> DISCLAIMER: This posting is provided "AS IS" with no warranties, and
> confers no rights
>
>
> "Roughneck" <(E-Mail Removed)> wrote in message
> news:9F29C778-632C-4CC4-B1A8-(E-Mail Removed)...
> > The default key that came with my DSL modem/router/switch is 10 characters
> > long. I was planning to change the key and make it longer, but a DSL tech
> > support person with my ISP indicated a longer key wouldn't be any more
> > secure
> > than a 10 digit key and that a longer key could/would cause my home
> > network
> > to slow down because of unnecessary overhead. Is this tech on top of his
> > game?
> > --
> > So much to learn... So little time.
>
>
>

http://www.kurtm.net/wpa-pskgen/

read through this page, he gives some good advice

GM

Interesting! And I was wondering if I would be over-doing it with a 20
character key.
--
So much to learn... So little time.


"Gordon May" wrote:

> http://www.kurtm.net/wpa-pskgen/
>
> read through this page, he gives some good advice
>
> GM
>
>
>

On Mon, 9 Oct 2006 15:35:02 -0700, Roughneck
<(E-Mail Removed)> wrote:

>The default key that came with my DSL modem/router/switch is 10 characters
>long. I was planning to change the key and make it longer, but a DSL tech
>support person with my ISP indicated a longer key wouldn't be any more secure
>than a 10 digit key and that a longer key could/would cause my home network
>to slow down because of unnecessary overhead. Is this tech on top of his
>game?

i use a 64-character WAP key on my wireless router. i've noticed no
problems. if there is any slowdown its negligible.

73,
rich, n9dko

On Mon, 9 Oct 2006 17:20:02 -0700, Roughneck
<(E-Mail Removed)> wrote:

>Thanks for the reply, David.
>
>Would a 10 character key be considered a "short" key?
>
>Is there any consensus or generally accepted rules in regards to how many
>characters would be needed in a key for it to be considered
>poor/fair/good/better/best? (I'm assuming the key does not consist of any
>words or combination of words that could be found in a dictionary.)
>
>Is there a point at which the benefit from increasing the number of
>characters might begin to fall off and/or begin to adversely affect network
>traffic?

at the rate at which data is processed the extra time needed must be
infinitestimal.

>
>I assume there's a limit as to the number of characters that can be used in
>a key. If so, do you know what it is?

64. longer is better.
>
>Thanks so much for any additional help you can give.

i think i typed "WAP" in an earlier post when i meant "WPA". in any
case use the longer key and rest easy.

73,
rich, n9dko

Thanks again, everyone--you're help is VERY much appreciated. I'll get the
key beefed up right away.
--
So much to learn... So little time.


"Roughneck" wrote:

> The default key that came with my DSL modem/router/switch is 10 characters
> long. I was planning to change the key and make it longer, but a DSL tech
> support person with my ISP indicated a longer key wouldn't be any more secure
> than a 10 digit key and that a longer key could/would cause my home network
> to slow down because of unnecessary overhead. Is this tech on top of his
> game?
> --
> So much to learn... So little time.

Philip Doragh <(E-Mail Removed)> wrote:

<snip>

> The tech is completely wrong and has no earthly clue about how WPA-PSK is
> designed and implemented. The PSK (Pre-Shared Key) is not used to actually
> encrypt the data and its length does not change the length of the encryption
> key. The PSK is used by the client and AP to authenticate each other and
> produce the encryption key through a known shared algorithm (TKIP for WPA,
> AES for WPA2).

True, but a short key can be broken using a dictionary- or brute force
attack. That said, the way WPA-PSK is implemented in no way slows down
the connection because the RC4 cipher still uses the hardware on the
chipset the same way as WEP.