722 Does Not Accept 63 character Wireless WPA2 Encryption Key


27 replies to this topic

#1 OFFLINE   DennisL

DennisL

    New Member

  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 03 January 2011 - 06:11 PM

Trying to set up my VIP-722 with a new Netgear WNDA3100V2 wireless adapter. The receiver recognizes the adapter successfully, and the SSID scan correctly identifies the encryption on my network as WPA2 (although it's actually WPA2-PSK).

However, when I attempt to enter my 63 character alphanumeric encryption key, the receiver accepts the first 26 characters, and then refuses to accept any characters beyond that. Each attempt to enter a new character overwrites the character in the 26th position.

WPA should accept 8-63 alphanumeric or 64 hex characters. FWIW, there is a neighbor's WEP network within range, and I tried selecting that and entering a key. Also only accepted 26 characters, which is correct for WEP 104/128.

Receiver firmware is L672.

Any thoughts on what might be happening here? Anyone else able to use a WPA2 key longer than 26 characters?

Thanks.


#2 OFFLINE   RasputinAXP

RasputinAXP

    Hall Of Fame

  • Registered
  • 3,135 posts
Joined: Jan 23, 2008

Posted 03 January 2011 - 09:21 PM

...that's a lot of characters. Realistically what are you trying to accomplish with that?

8-10 is fine for most, 26 is kind of crazy but 63? Are you keeping state secrets on your wireless network?

"Belligerent and numerous."

Sometimes I update the Dish Network FAQ

AT200, Hopper & 360 via HDMI to Onkyo 505 to basement 42" Westy, Hopper via Comp-over-Cat5 to living room 42" Vizio with a Roku 3, Joey to Toshiba 32" LCD with a Logitech Revue. You want fries with that? Pull up to the 2nd window.


#3 OFFLINE   Jim5506

Jim5506

    Hall Of Fame

  • Registered
  • 3,454 posts
Joined: Jun 07, 2004

Posted 03 January 2011 - 09:30 PM

Local Wikileaks hub??:D:D
Tuners: Hopper 2000; Hopper w/Sling; 3 Joeys; Samsung SIR-T351; Accurian 6000;2 X HD TiVo; 2 X TiVo Series 2 Stand alone; Panasonic Showstopper 2000
Dish 1000.2 @ 110, 119, 129; dish 500 @ 61.5
Antennas - CM4228; RS U75-R; coathanger; Funke PSP.1922 (still in the box); paperclip
Displays: Sony VPH D50Q with HD Fury HDMI input; Hitachi 57F59; Sony Bravia LCD;Sanyo 32" LCD; Panasonic 42" plasma
Sony 80GB PS3; Toshiba HD-DVD

Give me a Finco colinear array and I'll rule the world - HA-HA-HA-HA!

#4 OFFLINE   Kevin F

Kevin F

    Hall Of Fame

  • Registered
  • 1,128 posts
Joined: May 09, 2010

Posted 03 January 2011 - 09:33 PM

Local Wikileaks hub??:D:D


Hahaha +1
Kevin

Good TV (Cable). Better TV (Dish Network). DirecTV.

My Setup

#5 OFFLINE   RasputinAXP

RasputinAXP

    Hall Of Fame

  • Registered
  • 3,135 posts
Joined: Jan 23, 2008

Posted 04 January 2011 - 08:22 AM

I suppose the real answer is "I've only ever used the wired ethernet connection."

At the rate you're going you might as well set up a RADIUS server.

"Belligerent and numerous."

Sometimes I update the Dish Network FAQ

AT200, Hopper & 360 via HDMI to Onkyo 505 to basement 42" Westy, Hopper via Comp-over-Cat5 to living room 42" Vizio with a Roku 3, Joey to Toshiba 32" LCD with a Logitech Revue. You want fries with that? Pull up to the 2nd window.


#6 OFFLINE   BqWUDUDj

BqWUDUDj

    Mentor

  • Registered
  • 70 posts
Joined: Feb 26, 2007

Posted 04 January 2011 - 09:13 AM

I use a 63-character WPA2-PSK key as well. I had a password generator spit out 63 characters at random and it's a simple matter of cut and paste to get those into the wireless access point and all connecting computers. Windows will even put the config into a USB key. You can avoid even the cut and paste. Too bad that Dish doesn't support this.

My receiver is wired, but I would be upset to find out that limitations of a Dish receiver restrict my house-wide wireless key to 26 characters and impose changes to all my computers (and my friends' computers who visit). It's not Dish's place to make these decisions. If you are going to support WPA2-PSK (and I think it's a great thing to do), do it right.

By the way, Windows XP has a bug in its support of WPA2-Enterprise. If you did go the RADIUS route, you'd find that your Windows XP remote desktops would disconnect after a minute or two. So that's not always an option, if you have older systems.

#7 OFFLINE   DennisL

DennisL

    New Member

  • Topic Starter
  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 04 January 2011 - 12:06 PM

Thanks for the responses. Yes, know that 63 characters is more than probably needed. Will probably just reduce the key length and go on. But, like BqWUDUDj, I'm annoyed that Dish has either an obvious bug or made an arbitary decision to implement a non-compliant setup. The help screen for the encryption key entry says WPA will accept an 8-63 character key.

#8 OFFLINE   SaltiDawg

SaltiDawg

    Hall Of Fame

  • Registered
  • 2,375 posts
Joined: Aug 30, 2004

Posted 04 January 2011 - 12:52 PM

... I'm annoyed that Dish has either an obvious bug or made an arbitary decision to implement a non-compliant setup. ...

Why would you think that there are only two "obvious" bug or "arbitary" (sic) decision? It might also be that, as explained, there is simply not enough time to do the required processing with the longer key... or maybe something else. :)

#9 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 19,757 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 04 January 2011 - 01:12 PM

If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1 - doesn't matter how long your passphrase is - the algo to generate the KEY is the same !

#10 OFFLINE   ZBoomer

ZBoomer

    Icon

  • Registered
  • 529 posts
Joined: Feb 21, 2008

Posted 05 January 2011 - 12:16 AM

Yes, know that 63 characters is more than probably needed.


Ya think? :lol:

So overkill I'm kinda at a loss for words, so I'll just leave it alone.
Hopper 2000, 2x Joey 1.0 Dish Receivers, "America's Everything pack" with PlatHD
Pioneer Kuro PDP-6010FD 60" Plasma Display on Hopper (me), Samsung 40" LCD on Joey #1 (wife), Dell ST2410 HD Monitor on Joey #2 (office.)
Pioneer VSX-1018AH-K AVR Receiver, PS3, Klipsch Reference-Series Speakers

#11 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,261 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 02:24 PM

If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1 - doesn't matter how long your passphrase is - the algo to generate the KEY is the same !


This is absolutely untrue. Attacks against WPA/WPA2 are all dictionary based. The attack program will run through its "dictionary" using the SSID salt and the key derivation function to test against the handshake. If you are stupid enough to use 12345 as your password...or any other easy password, it will be cracked. The key derivation function does not, in and of itself, make your system 256 bit secure. The system (any Crypto system actually) is only as good as the password. A 10 bit password run through a 256 bit hash algorithm is still only 10 bit secure.

#12 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,261 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 02:45 PM

Why would you think that there are only two "obvious" bug or "arbitary" (sic) decision? It might also be that, as explained, there is simply not enough time to do the required processing with the longer key... or maybe something else. :)


I would lean towards believing it is a bug. There is no reason from a processing standpoint to deliberately shorten the password length. The passphrase is hashed to 256 bit key on the first pass and then that 256 bit key is passed thru the hash again....and again 4096 times total. This entire process is performed on a grand total of 4 data packets. From that point on, the data payload is encrypted with a pseudo-randomly generated 128 bit key.

Long story short....there is no way a longer password would be a processing drain on the receiver.

#13 OFFLINE   SaltiDawg

SaltiDawg

    Hall Of Fame

  • Registered
  • 2,375 posts
Joined: Aug 30, 2004

Posted 05 January 2011 - 03:23 PM

...
Long story short....there is no way a longer password would be a processing drain on the receiver.

LtMunst,

Thanks for the explanation.

CdrSaltiDawg :)

#14 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,261 posts
Joined: Aug 24, 2005

Posted 05 January 2011 - 03:25 PM

However, when I attempt to enter my 63 character alphanumeric encryption key, the receiver accepts the first 26 characters, and then refuses to accept any characters beyond that. Each attempt to enter a new character overwrites the character in the 26th position.


Are you sure? I have seen similar behavior in the generic windows interface for entry of WEP keys. The data field may only be 26 characters long visually, but it may actually continue to take additional characters typed....or not. Worth a try to keep typing the entire passphrase even though it no longer looks like it is being taken.

#15 OFFLINE   P Smith

P Smith

    Mr. FixAnything

  • Registered
  • 19,757 posts
  • LocationMediterranean Sea
Joined: Jul 25, 2002

Posted 05 January 2011 - 06:10 PM

This is absolutely untrue. Attacks against WPA/WPA2 are all dictionary based. The attack program will run through its "dictionary" using the SSID salt and the key derivation function to test against the handshake. If you are stupid enough to use 12345 as your password...or any other easy password, it will be cracked. The key derivation function does not, in and of itself, make your system 256 bit secure. The system (any Crypto system actually) is only as good as the password. A 10 bit password run through a 256 bit hash algorithm is still only 10 bit secure.


That's right; how I forgot dict attack ... ? :nono2:

#16 OFFLINE   saberfly

saberfly

    Legend

  • Registered
  • 195 posts
Joined: Apr 04, 2010

Posted 05 January 2011 - 09:35 PM

63 characters!?!?! If you crack that code can you launch nukes?

#17 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,261 posts
Joined: Aug 24, 2005

Posted 06 January 2011 - 09:35 AM

63 characters!?!?! If you crack that code can you launch nukes?


Yes. :lol:

#18 OFFLINE   LtMunst

LtMunst

    Hall Of Fame

  • Registered
  • 1,261 posts
Joined: Aug 24, 2005

Posted 06 January 2011 - 09:47 AM

Paranoia aside, there is actually a good practical reason for choosing to use a full 64 character hex password. In WPA2, if a 64 character hex is used, the entire key derivation process is skipped. The 256 bit key is used directly in the authentication. Skipping the 4096 rounds of the hash function used for ASCII passwords saves a noticeable few seconds when you first connect. It does not matter for devices that are always connected, but for laptops, smartphones, etc...it makes a difference.

I was planning on springing for a Sling adapter and USB network adapter from Dish for my 722. If this bug is real, I will probably skip the USB adapter and swap places with my 622 (right next to router). That's easier than re-keying my 11 other network devices.

Edited by LtMunst, 06 January 2011 - 10:16 AM.
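
Added example, not part of any post in this thread: a Python sketch of the WPA2-PSK key handling described in posts #9 and #18 (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 64 hex characters used directly), showing why a client that keeps only the first 26 characters of a longer passphrase ends up with a different key than the access point. The SSID and passphrase values are constructed, and `effective_bits` assumes a uniformly random passphrase.

```python
import hashlib
import math
import string

# Printable ASCII codes allowed in a WPA passphrase (32..126).
_PRINTABLE = set(range(32, 127))


def wpa2_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key for a WPA2-Personal network.

    64 hex characters are taken as the key itself (no derivation);
    8-63 printable ASCII characters go through PBKDF2-HMAC-SHA1
    with the SSID as salt and 4096 iterations.
    """
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)
    if not 8 <= len(secret) <= 63:
        raise ValueError("need 8-63 ASCII characters or 64 hex digits")
    if any(ord(c) not in _PRINTABLE for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def truncation_breaks_join(passphrase: str, ssid: str, field_len: int = 26) -> bool:
    """True if a client keeping only field_len characters derives a
    different PSK than the access point, so the handshake cannot succeed."""
    return wpa2_psk(passphrase[:field_len], ssid) != wpa2_psk(passphrase, ssid)


def effective_bits(length: int, alphabet_size: int) -> float:
    """Guessing work for a uniformly random passphrase, capped at the
    256-bit size of the PSK it is turned into."""
    return min(256.0, length * math.log2(alphabet_size))


# Constructed sample values (not from the thread).
SAMPLE_SSID = "ExampleHomeNet"
SAMPLE_PASSPHRASE = "Zq7" * 21  # 63 characters

if __name__ == "__main__":
    print("full PSK     :", wpa2_psk(SAMPLE_PASSPHRASE, SAMPLE_SSID).hex())
    print("26-char PSK  :", wpa2_psk(SAMPLE_PASSPHRASE[:26], SAMPLE_SSID).hex())
    print("join fails   :", truncation_breaks_join(SAMPLE_PASSPHRASE, SAMPLE_SSID))
    print("63 random alnum chars:", effective_bits(63, 62), "bits")
    print("26 random alnum chars:", round(effective_bits(26, 62), 1), "bits")
```
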


#19 OFFLINE   mdavej

mdavej

    Hall Of Fame

  • Registered
  • 2,249 posts
Joined: Jan 30, 2007

Posted 06 January 2011 - 10:55 AM

Can't you set up the adapter with the proper key on a PC then plug it in to the DVR until this bug is fixed?

#20 OFFLINE   DennisL

DennisL

    New Member

  • Topic Starter
  • Registered
  • 3 posts
Joined: Feb 15, 2004

Posted 06 January 2011 - 10:57 AM

Are you sure? I have seen similar behavior in the generic windows interface for entry of WEP keys. The data field may only be 26 characters long visually, but it may actually continue to take additional characters typed....or not. Worth a try to keep typing the entire passphrase even though it no longer looks like it is being taken.


Didn't think of that, thanks. Visually it looks like the 26th character is overwritten by each subsequent one. Already switched to shorter key, which works fine. Will try a longer one when I get the chance.

Thanks for the explanations on the hash algorithm.



