722 Does Not Accept 63 character Wireless WPA2 Encryption Key


27 replies to this topic

#1 OFFLINE   DennisL

DennisL

    New Member

  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 03 January 2011 - 06:11 PM

Trying to set up my VIP-722 with a new Netgear WNDA3100V2 wireless adapter. The receiver recognizes the adapter successfully, and the SSID scan correctly identifies the encryption on my network as WPA2 (although it's actually WPA2-PSK).

However, when I attempt to enter my 63 character alphanumeric encryption key, the receiver accepts the first 26 characters, and then refuses to accept any characters beyond that. Each attempt to enter a new character overwrites the character in the 26th position.

WPA should accept 8-63 alphanumeric or 64 hex characters. FWIW, there is a neighbor's WEP network within range, and I tried selecting that and entering a key. Also only accepted 26 characters, which is correct for WEP 104/128.

Receiver firmware is L672.

Any thoughts on what might be happening here? Anyone else able to use a WPA2 key longer than 26 characters?

Thanks.


#2 OFFLINE   RasputinAXP

RasputinAXP

    Kwisatz Haderach of Cordcuttery

  • Registered
  • 3,141 posts
Joined: Jan 23, 2008

Posted 03 January 2011 - 09:21 PM

...that's a lot of characters. Realistically what are you trying to accomplish with that?

8-10 is fine for most, 26 is kind of crazy but 63? Are you keeping state secrets on your wireless network?

"Belligerent and numerous."

SlingTV, Tablo and Plex to Roku 3s and Chromecasts on a Vizio 42" in the living room and a Toshiba 32" in my bedroom. Xbox 360 client on a Westinghouse 42" in the game room. Tablets EVERYWHERE!

 

I used to update the Dish Network FAQ but not anymore.


#3 OFFLINE   Jim5506

Jim5506

    Hall Of Fame

  • Registered
  • 3,565 posts
Joined: Jun 07, 2004

Posted 03 January 2011 - 09:30 PM

Local Wikileaks hub??:D:D
Tuners: Hopper 2000; Hopper w/Sling; 3 Joeys; Samsung SIR-T351; Accurian 6000;2 X HD TiVo; 2 X TiVo Series 2 Stand alone; Panasonic Showstopper 2000
Dish 1000.2 @ 110, 119, 129; dish 500 @ 61.5
Antennas - CM4228; RS U75-R; coathanger; Funke PSP.1922 (stillin the box); paperclip
Displays: Sony VPH D50Q with HD Fury HDMI input; Hitachi 57F59; Sony Bravia LCD;Sanyo 32" LCD; Panasonic 42" plasma
Sony 80GB PS3; Toshiba HD-DVD

Give me a Finco colinear array and I'll rule the world - HA-HA-HA-HA!

#4 OFFLINE   Kevin F

Kevin F

    Hall Of Fame

  • Registered
  • 1,128 posts
Joined: May 09, 2010

Posted 03 January 2011 - 09:33 PM

Local Wikileaks hub??:D:D


Hahaha +1
Kevin

Good TV (Cable). Better TV (Dish Network). DirecTV.

My Setup

#5 OFFLINE   RasputinAXP

RasputinAXP

    Kwisatz Haderach of Cordcuttery

  • Registered
  • 3,141 posts
Joined: Jan 23, 2008

Posted 04 January 2011 - 08:22 AM

I suppose the real answer is "I've only ever used the wired ethernet connection."

At the rate you're going you might as well set up a RADIUS server.

"Belligerent and numerous."

SlingTV, Tablo and Plex to Roku 3s and Chromecasts on a Vizio 42" in the living room and a Toshiba 32" in my bedroom. Xbox 360 client on a Westinghouse 42" in the game room. Tablets EVERYWHERE!

 

I used to update the Dish Network FAQ but not anymore.


#6 OFFLINE   BqWUDUDj

BqWUDUDj

    Mentor

  • Registered
  • 93 posts
Joined: Feb 26, 2007

Posted 04 January 2011 - 09:13 AM

I use a 63-character WPA2-PSK key as well. I had a password generator spit out 63 characters at random and it's a simple matter of cut and paste to get those into the wireless access point and all connecting computers. Windows will even put the config into a USB key. You can avoid even the cut and paste. Too bad that Dish doesn't support this.

My receiver is wired, but I would be upset to find out that limitations of a Dish receiver restrict my house-wide wireless key to 26 characters and impose changes to all my computers (and my friends' computers who visit). It's not Dish's place to make these decisions. If you are going to support WPA2-PSK (and I think it's a great thing to do), do it right.

By the way, Windows XP has a bug in its support of WPA2-Enterprise. If you did go the RADIUS route, you'd find that your Windows XP remote desktops would disconnect after a minute or two. So that's not always an option, if you have older systems.

#7 OFFLINE   DennisL

DennisL

    New Member

  • Topic Starter
  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 04 January 2011 - 12:06 PM

Thanks for the responses. Yes, know that 63 characters is more than probably needed. Will probably just reduce the key length and go on. But, like BqWUDUDj, I'm annoyed that Dish has either an obvious bug or made an arbitary decision to implement a non-compliant setup. The help screen for the encryption key entry says WPA will accept an 8-63 character key.

#8 OFFLINE   SaltiDawg

SaltiDawg

    Hall Of Fame

  • Registered
  • 2,377 posts
Joined: Aug 30, 2004

Posted 04 January 2011 - 12:52 PM

... I'm annoyed that Dish has either an obvious bug or made an arbitary decision to implement a non-compliant setup. ...

Why would you think that there are only two "obvious" bug or "arbitary" (sic) decision? It might also be that, as explained, there is simply not enough time to do the required processing with the longer key... or maybe something else. :)

#9 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 20,391 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 04 January 2011 - 01:12 PM

If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1 - doesn't matter how long your passphrase is - the algo to generate the KEY is the same !

#10 OFFLINE   ZBoomer

ZBoomer

    Icon

  • Registered
  • 529 posts
Joined: Feb 21, 2008

Posted 05 January 2011 - 12:16 AM

Yes, know that 63 characters is more than probably needed.


Ya think? :lol:

So overkill I'm kinda at a loss for words, so I'll just leave it alone.
Hopper 2000, 2x Joey 1.0 Dish Receivers, "America's Everything pack" with PlatHD
Pioneer Kuro PDP-6010FD 60" Plasma Display on Hopper (me), Samsung 40" LCD on Joey #1 (wife), Dell ST2410 HD Monitor on Joey #2 (office.)
Pioneer VSX-1018AH-K AVR Receiver, PS3, Klipsch Reference-Series Speakers

#11 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 02:24 PM

If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1 - doesn't matter how long your passphrase is - the algo to generate the KEY is the same !


This is absolutely untrue. Attacks against WPA/WPA2 are all dictionary based. The attack program will run through its "dictionary" using the SSID salt and the key derivation function to test against the handshake. If you are stupid enough to use 12345 as your password...or any other easy password, it will be cracked. The key derivation function does not, in and of itself, make your system 256 bit secure. The system (any Crypto system actually) is only as good as the password. A 10 bit password run through a 256 bit hash algorithm is still only 10 bit secure.

#12 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 02:45 PM

Why would you think that there are only two "obvious" bug or "arbitary" (sic) decision? It might also be that, as explained, there is simply not enough time to do the required processing with the longer key... or maybe something else. :)


I would lean towards believing it is a bug. There is no reason from a processing standpoint to deliberately shorten the password length. The passphrase is hashed to 256 bit key on the first pass and then that 256 bit key is passed thru the hash again....and again 4096 times total. This entire process is performed on a grand total of 4 data packets. From that point on, the data payload is encrypted with a pseudo-randomly generated 128 bit key.

Long story short....there is no way a longer password would be a processing drain on the receiver.

#13 OFFLINE   SaltiDawg

SaltiDawg

    Hall Of Fame

  • Registered
  • 2,377 posts
Joined: Aug 30, 2004

Posted 05 January 2011 - 03:23 PM

...
Long story short....there is no way a longer password would be a processing drain on the receiver.

LtMunst,

Thanks for the explanation.

CdrSaltiDawg :)

#14 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 03:25 PM

However, when I attempt to enter my 63 character alphanumeric encryption key, the receiver accepts the first 26 characters, and then refuses to accept any characters beyond that. Each attempt to enter a new character overwrites the character in the 26th position.


Are you sure? I have seen similar behavior in the generic windows interface for entry of WEP keys. The data field may only be 26 characters long visually, but it may actually continue to take additional characters typed....or not. Worth a try to keep typing the entire passphrase even though it no longer looks like it is being taken.

#15 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 20,391 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 05 January 2011 - 06:10 PM

This is absolutely untrue. Attacks against WPA/WPA2 are all dictionary based. The attack program will run through its "dictionary" using the SSID salt and the key derivation function to test against the handshake. If you are stupid enough to use 12345 as your password...or any other easy password, it will be cracked. The key derivation function does not, in and of itself, make your system 256 bit secure. The system (any Crypto system actually) is only as good as the password. A 10 bit password run through a 256 bit hash algorithm is still only 10 bit secure.


That's right; how I forgot dict attack ... ? :nono2:

#16 OFFLINE   saberfly

saberfly

    Legend

  • Registered
  • 202 posts
Joined: Apr 04, 2010

Posted 05 January 2011 - 09:35 PM

63 characters!?!?! If you crack that code can you launch nukes?

#17 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 06 January 2011 - 09:35 AM

63 characters!?!?! If you crack that code can you launch nukes?


Yes. :lol:

#18 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 06 January 2011 - 09:47 AM

Paranoia aside, there is actually a good practical reason for choosing to use a full 64 character hex password. In WPA2, if a 64 character Hex is used, the entire key derivation process is skipped. The 256 bit key is used directly in the authentication. Skipping the 4096 rounds of the hash function used for Ascii passwords saves a noticeable few seconds when you first connect. It does not matter for devices that are always connected, but for laptops, smartphones, etc...it makes a difference.

I was planning on springing for a Sling adapter and USB network adapter from Dish for my 722. If this bug is real, I will probably skip the USB adapter and swap places with my 622 (right next to router). That's easier than re-keying my 11 other network devices.

Edited by LtMunst, 06 January 2011 - 10:16 AM.
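The key handling described in posts #9 through #18, as an added example that is not part of any poster's message: it derives the 256-bit key from a passphrase and SSID with PBKDF2 (HMAC-SHA1, 4096 iterations), takes a 64-hex-digit entry as the key itself, and goes one step further by estimating guessing cost for a random secret. The function names `wpa_psk` and `effective_bits` and the SSID `ExampleNet` are assumptions made up for this sketch.

```python
import hashlib
import math
import string

KEY_BITS = 256  # size of the key WPA/WPA2-Personal derives from the passphrase


def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit key a client derives from what the user typed."""
    # 64 hex digits are taken as the key itself; PBKDF2 is skipped.
    if len(secret) == 64:
        if not all(c in string.hexdigits for c in secret):
            raise ValueError("a 64-character entry must be hexadecimal")
        return bytes.fromhex(secret)
    # Otherwise it is a passphrase: 8 to 63 printable ASCII characters.
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    # SSID is the salt; 4096 iterations of HMAC-SHA1; 32 bytes of output.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), 4096, KEY_BITS // 8)


def effective_bits(length: int, alphabet_size: int) -> float:
    """Guessing cost in bits of a uniformly random secret, capped at key size."""
    return min(length * math.log2(alphabet_size), float(KEY_BITS))


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed SSID
    # Constructed 63-character passphrase (not random; for illustration only).
    full = ("0123456789abcdefghijklmnopqrstuvwxyz" * 2)[:63]
    cut = full[:26]  # what a 26-character entry field would keep

    # The derived key is always 32 bytes, whatever the passphrase length.
    print(len(full), wpa_psk(full, ssid).hex())
    print(len(cut), wpa_psk(cut, ssid).hex())
    # A truncated passphrase yields a different key, so the client cannot join.
    print("keys match:", wpa_psk(full, ssid) == wpa_psk(cut, ssid))

    # Strength comes from the secret, not from the 256-bit output size.
    for n in (8, 26, 63):
        print(n, "random alphanumeric chars:", round(effective_bits(n, 62), 1), "bits")
```

The estimate only holds for secrets chosen uniformly at random; a passphrase made of dictionary words is far weaker than its length suggests.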


#19 OFFLINE   mdavej

mdavej

    Hall Of Fame

  • Registered
  • 2,290 posts
Joined: Jan 30, 2007

Posted 06 January 2011 - 10:55 AM

Can't you set up the adapter with the proper key on a PC then plug it in to the DVR until this bug is fixed?

#20 OFFLINE   DennisL

DennisL

    New Member

  • Topic Starter
  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 06 January 2011 - 10:57 AM

Are you sure? I have seen similar behavior in the generic windows interface for entry of WEP keys. The data field may only be 26 characters long visually, but it may actually continue to take additional characters typed....or not. Worth a try to keep typing the entire passphrase even though it no longer looks like it is being taken.


Didn't think of that, thanks. Visually it looks like the 26th character is overwritten by each subsequent one. Already switched to shorter key, which works fine. Will try a longer one when I get the chance.

Thanks for the explanations on the hash algorithm.

#21 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,267 posts
Joined: Aug 24, 2005

Posted 06 January 2011 - 01:18 PM

Can't you set up the adapter with the proper key on a PC then plug it in to the DVR until this bug is fixed?



No, the password is saved on the host device, not the adapter.

#22 OFFLINE   YurMom

YurMom

    New Member

  • Registered
  • 3 posts
  • LocationOver there
Joined: Apr 23, 2013

Posted 23 April 2013 - 09:54 PM

I know this is a very old thread but I was wondering if anyone found out the truth of this.  The help screen indeed states up to 64 characters but one can only enter 26.  Has Dish released a new wireless adapter that DOES allow for 63/64H keys?

 

It would be extremely lame for Dish to say I need to lower my security because they don't understand how easy it is to BRUTE FORCE nowadays.. a 2 or 3 machine PS3 cluster and voilà :smoking: !

 

(They used a PS3 super cluster to break open SSL certificates)

 

BTW... unless you don't care for your identity !rolling , these days to use anything less than the longest, random key is asking to spend the next five or ten years just trying to prove you are you :eek2:  .  If you don't understand that some areas of this country are 'trolled' for wireless signals (even non-broadcast SSID's) more than yours, it doesn't mean my key is overkill just that yours is much easier to break and run with your identity.

 

Personally, if DishNetwork doesn't understand this either would not be a surprise  :bang  ... no 3D, multiple issues with 1080p on the 722, etc.

 

Will DishNetwork ever step at least into yesterday :blackeye:  so we can start using our products to their FULLEST potential!!!

 


If you like security... don't listen to someone using less than you.


#23 OFFLINE   Orion9

Orion9

    Legend

  • Registered
  • 245 posts
Joined: Jan 31, 2011

Posted 23 April 2013 - 10:04 PM

Has anyone tried entering more characters? It might be a display bug rather than a data entry bug. Maybe. I have another wi-fi device that doesn't appear to allow more than 32 characters but it really does - just doesn't display them.

#24 OFFLINE   YurMom

YurMom

    New Member

  • Registered
  • 3 posts
  • LocationOver there
Joined: Apr 23, 2013

Posted 23 April 2013 - 10:40 PM

I can't enter more than 26 characters.  It stops adding any characters... they are not hidden so you can tell what's being taken.

 

Also, my network is WPA2 but I hide my SSID.  The adapter, by default, sets my network type to WPA (not WPA2) after I type in my SSID.  I will call Dish tomorrow but thought I'd try with some people with actual training on this before some basic CSR... good as Dish's CSR's may be.

 

It really seems like no one in the Dish Executive branches are paying ANY attention.


Edited by YurMom, 23 April 2013 - 10:40 PM.

If you like security... don't listen to someone using less than you.


#25 OFFLINE   RasputinAXP

RasputinAXP

    Kwisatz Haderach of Cordcuttery

  • Registered
  • 3,141 posts
Joined: Jan 23, 2008

Posted 24 April 2013 - 08:35 AM

I know this is a very old thread but I was wondering if anyone found out the truth of this.  The help screen indeed states up to 64 characters but one can only enter 26.  Has Dish released a new wireless adapter that DOES allow for 63/64H keys?

 

It would be extremely lame for Dish to say I need to lower my security because they don't understand how easy it is to BRUTE FORCE nowadays.. a 2 or 3 machine PS3 cluster and voilà :smoking: !

 

(They used a PS3 super cluster to break open SSL certificates)

 

BTW... unless you don't care for your identity !rolling , these days to use anything less than the longest, random key is asking to spend the next five or ten years just trying to prove you are you :eek2:  .  If you don't understand that some areas of this country are 'trolled' for wireless signals (even non-broadcast SSID's) more than yours, it doesn't mean my key is overkill just that yours is much easier to break and run with your identity.

 

Then why use wireless at all? Why use WPA2? Why not use WPA2 Enterprise with RADIUS if you're that concerned about data safety?


"Belligerent and numerous."

SlingTV, Tablo and Plex to Roku 3s and Chromecasts on a Vizio 42" in the living room and a Toshiba 32" in my bedroom. Xbox 360 client on a Westinghouse 42" in the game room. Tablets EVERYWHERE!

 

I used to update the Dish Network FAQ but not anymore.




