PSK or Pre-shared Key
Wpa2 Psk Generator
Aug 22, 2018 New tool available in the Meraki dashboard to assess if your network is impacted. On August 4, 2018, a new method to exploit a known vulnerability was announced by Jens Steube from the Hashcat project for wireless networks that use WPA1/WPA2-PSK (pre-shared key), allowing attackers to obtain the PSK being used for the particular SSID.
PSK is a key both peers use to identify themselves to each other. If one pre-shared key is different from the other, then the authentication will not be successful. In a real world scenario you would specify this on a VPN Gateway at one site, such as a firewall with VPN capabilities and then specify the exact same key on the other site’s VPN Firewall. So it is a way for a device to prove it is authorised by providing a pre-shared key identical to the opposite peer in negotiation.
Pre shared keys are easier to configure than digital certificates, and are typically used for small to medium sized businesses that require a VPN connection. You would usually communicate a pre-shared key via the phone or in person so that it is not captured by anyone such as a hacker sniffing the network.
You would then specify your pre-shared key within your VPN configurations, and do the same at the peer end. A VPN gateway should use long Pre-shared keys to eliminate chances of being hacked, 10 plus characters is recommended. For large networks though, digital certificates should be implemented over pre-shared keys as digital certificates are scalable.
Also see PKI
Further Reading
Wikipedia's guide to Pre-shared Key
The Code4use WPA Pre-shared Key Generator provides an easy way to convert a WPA passphrase and SSID to the 256-bit pre-shared ('raw') key used for key derivation.
WPA-PSK (pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server. Each wireless network device encrypts the network traffic by deriving its 128-bit encryption key from a 256 bit shared key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1. WPA-Personal mode is available with both WPA and WPA2
Retrieved 2016-06-19. Cite journal requires journal=. (PDF). CSFW 2004,., (18 January 2014). Https generate key and certificate pdf.
Pre-shared key WPA remain vulnerable to password cracking attacks if users rely on a weak password or passphrase.
Brute forcing of simple passwords can be attempted using the Aircrack Suite starting from the four-way authentication handshake exchanged during association or periodic re-authentication.
To further protect against intrusion, the network's SSID should not match any entry in the top 1,000 SSIDs as downloadable rainbow tables have been pre-generated for them and a multitude of common passwords.
Directions:
Type or paste in your WPA passphrase and SSID below. Wait a while. The PSK will be calculated by your browser. Javascript isn't known for its blistering crypto speed. None of this information will be sent over the network. Run a trace with Code4use if you don't believe us.