Quick Instructions

Mar 24, 2007

  1. Select the size of the key you would like to generate. I've preselected the best size for you.
  2. Hit the "generate" button. Your random key will appear in the text box.
  3. Select the random key (click on the box and type [cntrl-a]) and copy it to your clipboard [cntrl-c]. Be sure you select the entire key!
  4. Paste [cntrl-v] this key into the configuration screens for both your wireless basestation and your wireless client.
  5. Enjoy your new life of ease and security.

Key size: False Security (8 characters)
  Bare Minimum Security (20 characters)
  Maximum WPA Security (63 characters)
  Custom Size: characters (For wpa, must be between 8 and 63.)

Explanation of Secure Password Generation

Mar 24, 2007

What good is a fancy new wireless encryption and authentication system (wpa-psk) if you use an easy-to-guess passphrase?

Answer: Not very good. WPA, as part of the initial implementation of 802.11i, includes a host of new features designed to patch the gaping holes in the previous wireless encryption and authentication protocol, WEP. Wpa-psk, the less secure version of WPA for those of us who do not have a PEAP authentication server, relies upon a common pre-shared key ("psk" - get it??) to initialize the communication.

Unfortunately, a clever hacker can trick your wireless basestation into revealing the initial handshake between your basestation and wireless clients, and then run a brute-force/dictionary attack on the handshake to recover the pre-shared key. Even worse, the attack can be done offline at a high rate of speed.

The upshot: While wpa-psk will keep out casual wardrivers, a determined intruder, given enough time, can always hack into your network. If you use a poor passphrase (like, oh, "passphrase"), a dictionary attack could render your wpa-psk useless in 30 seconds. Your goal, then, is to use a sufficiently strong password that would require an intruder to spend years (given today's computing power) to brute-force your passphrase. And, frankly, if you have data that people would spend years trying to obtain, then perhaps you should look elsewhere for some stronger security.

In the meantime, there are websites devoted to telling you how to generate random keys at home, as well as some sites that generate various WEP keys for you. This page will generate a wpa-psk of whatever size you like, safely and securely. (Plus you don't have to roll a die a couple hundred times.)

How does this page work?

This page uses the javascript functions built into your web browser to generate a random password for you. If you want to see the code for yourself, find your browser's "view-source" menu item.

Importantly, using javascript, all of the computational work for key generation takes place on your own computer. No-one but you knows what random key you got. It is not sent across the internet and there is no way for me (or anyone else) to record your key.

Compare a few other sites on the internet, where the actual key generation takes place on their webserver and they transmit the key to you (hopefully over a secure connection). If you use one of these services, your key is only as secure as your trust for their webservers.

Note: The code for key generation is based upon that distributed freely by the kind folks at Warewolf Labs.