Why is the WPA2-PSK key length limited to 63 characters?

ph4nt0m picture ph4nt0m · Aug 2, 2013 · Viewed 38.8k times · Source

I wonder why there is a limit of just 63 characters for the passphrase of WPA2-PSK. It's not even a power of two and looks very unusual to me, but surely there's some deeper meaning to this number.

Answer

Dominic Gifford picture Dominic Gifford · Feb 4, 2014

The PSK is derived from the passphrase using PBKDF2 key derivation function with SHA1 as the pseudo random function. The passphrase is an 8-63 character ASCII encoded string.

PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)

The PSK is 32 bytes (256 bits), often displayed as 64 hex characters.

According to the 802.11i specification:

A pass-phrase is a sequence of between 8 and 63 ASCII-encoded characters. The limit of 63 comes from the desire to distinguish between a pass-phrase and a PSK displayed as 64 hexadecimal characters.

So the difference is just to distinguish a 64 hex character PSK from a 8-63 character ASCII passhprase.