
722 Does Not Accept 63 character Wireless WPA2 Encryption Key

Discussion in 'ViP612/622/722/722K DVR Support Forum' started by DennisL, Jan 3, 2011.

  1. Jan 3, 2011 #1 of 28
    DennisL

    DennisL New Member

    3
    0
    Feb 15, 2004
    Trying to set up my VIP-722 with a new Netgear WNDA3100V2 wireless adapter. The receiver recognizes the adapter successfully, and the SSID scan correctly identifies the encryption on my network as WPA2 (although it's actually WPA2-PSK).

    However, when I attempt to enter my 63 character alphanumeric encryption key, the receiver accepts the first 26 characters, and then refuses to accept any characters beyond that. Each attempt to enter a new character overwrites the character in the 26th position.

    WPA should accept 8-63 alphanumeric or 64 hex characters. FWIW, there is a neighbor's WEP network within range, and I tried selecting that and entering a key. Also only accepted 26 characters, which is correct for WEP 104/128.

    Receiver firmware is L672.

    Any thoughts on what might be happening here? Anyone else able to use a WPA2 key longer than 26 characters?

    Thanks.
     
  2. Jan 3, 2011 #2 of 28
    RasputinAXP

    RasputinAXP Kwisatz Haderach of Cordcuttery

    3,145
    11
    Jan 23, 2008
    ...that's a lot of characters. Realistically what are you trying to accomplish with that?

    8-10 is fine for most, 26 is kind of crazy but 63? Are you keeping state secrets on your wireless network?
     
  3. Jan 3, 2011 #3 of 28
    Jim5506

    Jim5506 Hall Of Fame

    3,633
    32
    Jun 7, 2004
    Local Wikileaks hub??:D:D
     
  4. Jan 3, 2011 #4 of 28
    Kevin F

    Kevin F Hall Of Fame

    1,128
    1
    May 9, 2010
    Hahaha +1
     
  5. Jan 4, 2011 #5 of 28
    RasputinAXP

    RasputinAXP Kwisatz Haderach of Cordcuttery

    3,145
    11
    Jan 23, 2008
    I suppose the real answer is "I've only ever used the wired ethernet connection."

    At the rate you're going you might as well set up a RADIUS server.
     
  6. Jan 4, 2011 #6 of 28
    BqWUDUDj

    BqWUDUDj Mentor

    93
    4
    Feb 26, 2007
    I use a 63-character WPA2-PSK key as well. I had a password generator spit out 63 characters at random and it's a simple matter of cut and paste to get those into the wireless access point and all connecting computers. Windows will even put the config into a USB key. You can avoid even the cut and paste. Too bad that Dish doesn't support this.

    My receiver is wired, but I would be upset to find out that limitations of a Dish receiver restrict my house-wide wireless key to 26 characters and impose changes to all my computers (and my friends computers who visit). It's not Dish's place to make these decisions. If you are going to support WPA2-PSK (and I think it's a great thing to do), do it right.

    By the way, Windows XP has a bug in its support of WPA2-Enterprise. If you did go the RADIUS route, you'd find that your Windows XP remote desktops would disconnect after a minute or two. So that's not always an option, if you have older systems.
     
  7. Jan 4, 2011 #7 of 28
    DennisL

    DennisL New Member

    3
    0
    Feb 15, 2004
    Thanks for the responses. Yes, know that 63 characters is more than probably needed. Will probably just reduce the key length and go on. But, like BqWUDUDj, I'm annoyed that Dish has either an obvious bug or made an arbitary decision to implement a non-compliant setup. The help screen for the encryption key entry says WPA will accept an 8-63 character key.
     
  8. Jan 4, 2011 #8 of 28
    SaltiDawg

    SaltiDawg New Member

    2,383
    0
    Aug 30, 2004
    Why would you think that there are only two "obvious" bug or "arbitary" (sic) decision? It might also be that, as explained, there is simply not enough time to do the required processing with the longer key... or maybe something else. :)
     
  9. Jan 4, 2011 #9 of 28
    P Smith

    P Smith Mr. FixAnything

    21,326
    127
    Jul 25, 2002
    Mediterranea...
    If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1 - doesn't matter how long your passphrase is - the algo to generate the KEY is the same!
     
  10. ZBoomer

    ZBoomer Icon

    529
    0
    Feb 21, 2008
    Ya think? :lol:

    So overkill I'm kinda at a loss for words, so I'll just leave it alone.
     
  11. LtMunst

    LtMunst Hall Of Fame

    1,267
    3
    Aug 24, 2005
    This is absolutely untrue. Attacks against WPA/WPA2 are all dictionary based. The attack program will run through its "dictionary" using the SSID salt and the key derivation function to test against the handshake. If you are stupid enough to use 12345 as your password...or any other easy password, it will be cracked. The key derivation function does not, in and of itself, make your system 256 bit secure. The system (any Crypto system actually) is only as good as the password. A 10 bit password run through a 256 bit hash algorithm is still only 10 bit secure.
     
  12. LtMunst

    LtMunst Hall Of Fame

    1,267
    3
    Aug 24, 2005
    I would lean towards believing it is a bug. There is no reason from a processing standpoint to deliberately shorten the password length. The passphrase is hashed to 256 bit key on the first pass and then that 256 bit key is passed thru the hash again....and again 4096 times total. This entire process is performed on a grand total of 4 data packets. From that point on, the data payload is encrypted with a pseudo-randomly generated 128 bit key.

    Long story short....there is no way a longer password would be a processing drain on the receiver.
     
  13. SaltiDawg

    SaltiDawg New Member

    2,383
    0
    Aug 30, 2004
    LtMunst,

    Thanks for the explanation.

    CdrSaltiDawg :)
     
  14. LtMunst

    LtMunst Hall Of Fame

    1,267
    3
    Aug 24, 2005
    Are you sure? I have seen similar behavior in the generic windows interface for entry of WEP keys. The data field may only be 26 characters long visually, but it may actually continue to take additional characters typed....or not. Worth a try to keep typing the entire passphrase even though it no longer looks like it is being taken.
     
  15. P Smith

    P Smith Mr. FixAnything

    21,326
    127
    Jul 25, 2002
    Mediterranea...
    That's right; how I forgot dict attack ... ? :nono2:
     
  16. saberfly

    saberfly Legend

    202
    3
    Apr 4, 2010
    63 characters!?!?! If you crack that code can you launch nukes?
     
  17. LtMunst

    LtMunst Hall Of Fame

    1,267
    3
    Aug 24, 2005
    Yes. :lol:
     
  18. LtMunst

    LtMunst Hall Of Fame

    1,267
    3
    Aug 24, 2005
    Paranoia aside, there is actually a good practical reason for choosing to use a full 64 character hex password. In WPA2, if a 64 character Hex is used, the entire key derivation process is skipped. The 256 bit key is used directly in the authentication. Skipping the 4096 rounds of the hash function used for ASCII passwords saves a noticeable few seconds when you first connect. It does not matter for devices that are always connected, but for laptops, smartphones, etc...it makes a difference.

    I was planning on springing for a Sling adapter and USB network adapter from Dish for my 722. If this bug is real, I will probably skip the USB adapter and swap places with my 622 (right next to router). That's easier than re-keying my 11 other network devices.
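
Added example, not part of the original posts and not Dish's firmware code: the WPA2-PSK derivation described by P Smith and LtMunst above (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 64 hex digits used directly), together with the effect of the entry field reported in post #1. `field_after_typing` is a hypothetical model of that reported behaviour, and the SSID and 63-character passphrase are constructed sample values.

```python
import hashlib
import math
import string

def wpa2_psk(secret: str, ssid: str) -> bytes:
    """256-bit pre-shared key for a WPA2-PSK network."""
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)  # 64 hex digits are the key itself; no derivation
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8-63 characters, or 64 hex digits")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), ssid.encode(), 4096, dklen=32)

def field_after_typing(secret: str, limit: int = 26) -> str:
    """Hypothetical model of the reported entry field: once full, each new
    character overwrites the one in the last position."""
    if len(secret) <= limit:
        return secret
    return secret[:limit - 1] + secret[-1]

def guess_space_bits(length: int, alphabet: int = 62) -> float:
    """Search space of a uniformly random passphrase, capped at the 256-bit key
    size. Words and patterns found in a dictionary are worth far less."""
    return min(256.0, length * math.log2(alphabet))

# Constructed sample values, not taken from the thread
SSID = "example-home-net"
PASSPHRASE_63 = string.ascii_letters + string.digits + "Z"

if __name__ == "__main__":
    entered = field_after_typing(PASSPHRASE_63)
    print("router PSK  :", wpa2_psk(PASSPHRASE_63, SSID).hex())
    print("receiver PSK:", wpa2_psk(entered, SSID).hex())  # differs, so the handshake fails
    for n in (8, 26, 63):
        print(f"{n:2d} random alphanumerics = {guess_space_bits(n):.1f} bits")
```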
     
  19. mdavej

    mdavej Hall Of Fame

    2,401
    32
    Jan 30, 2007
    Can't you set up the adapter with the proper key on a PC then plug it in to the DVR until this bug is fixed?
     
  20. DennisL

    DennisL New Member

    3
    0
    Feb 15, 2004
    Didn't think of that, thanks. Visually it looks like the 26th character is overwritten by each subsequent one. Already switched to shorter key, which works fine. Will try a longer one when I get the chance.

    Thanks for the explanations on the hash algorithm.
     
