Deriving of Preshared key in EAP-PSK method

Jouni Malinen jkmaline
Wed Nov 29 19:06:22 PST 2006

On Wed, Nov 29, 2006 at 07:53:41PM +0530, Ravi Kishore Singh wrote:

> I have one question regarding Preshared key that is used if we
> choose EAP-PSK as our EAP method::
> Do we need to enter 16 byte PSK manually as input for this method.
> It seems cumbersome. As Peer and Server should have same PSK, so
> there must be some standard mechanism which can generate PSK (same at both
> ends) from a set of user inputs provided at both ends.

In the current implementation, the PSK for EAP-PSK can only be entered
as a 16-byte buffer of random bytes, not using an ASCII passphrase that
would be converted to a key. draft-bersane-eap-psk-11.txt describes a
"formally discouraged" mechanism for deriving the PSK from a password,
so in theory, it would be possible to add support for a passphrase entry
in the same was as WPA-Personal(PSK) can be used.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list