Imagine waking up one morning to find that your entire digital life associated with emails, bank accounts, social media is locked away, inaccessible without the right key. That’s the power of digital keys and passwords. Keys and Passwords are the silent sentries protecting our most private and valuable information in an increasingly connected world. But with great power comes great responsibility. How secure are your digital keys? And what’s at stake if they fall into the wrong hands?

Let us understand what goes into creating passwords and secret keys, it is more than just a set of random text.

This article dives deep into the world of digital keys, breaking down the best practices for creating secure passwords and examining the different types of encryption keys that shield us in an increasingly connected world. From understanding password length and complexity to exploring WEP, WPA, and advanced Symmetric and Asymmetric encryption, you’ll gain insights into how these technologies work to keep data safe—and what’s at risk if they don’t.

Generating Secured Password

Creating a strong and secure password is crucial for protecting your accounts and personal information.

Here are some best practices for creating a strong password:

1. 1. Length matters: Use a password that is at least 12 characters long. Longer passwords are generally more secure.
   2. Use a mix of characters: Include a combination of uppercase and lowercase letters, numbers, and special characters. This makes your password more resistant to various types of attacks.
   3. Avoid easily guessable information: Avoid using easily guessable information such as your name, username, birthdate, or common words. Attackers often use automated tools that can quickly guess simple passwords.
   4. No dictionary words: Avoid using complete words found in dictionaries, as these are susceptible to dictionary attacks. Instead, consider creating a passphrase by combining multiple words.
   5. Change passwords regularly: Periodically change your passwords, especially for critical accounts. This adds an extra layer of security.
   6. Avoid common patterns: Avoid using common patterns or sequences like “123456,” “password,” or “qwerty.” These are easily guessable and commonly targeted.
   7. Consider using a passphrase: Create a passphrase by combining multiple words or a sentence. Passphrases are easier to remember and can be just as secure as complex passwords.

Sometimes it requires some effort to come up with large number of new strong passwords for general purpose use. You can use our Password/Key generation tool:

https://ivydotnet.com/Products/Random-key-generator-tool

Though passwords and keys can be defined as random texts, but for more serious purpose, there are specific standards that need to be followed to generate the keys.

Standards like Wired Equivalent Privacy (WEP) Key, Wi-Fi Protected Access (WPA) Key, Symmetric and Asymmetric Key etc. Let’s take a deeper look.

What is WEP Key

Wired Equivalent Privacy (WEP) was the first security standard introduced in 1997 and was intended to provide a level of security similar to that of wired networks by encrypting data transmitted over the air, preventing unauthorized access to Wi-Fi networks. The encryption key used in WEP is shared between the wireless access point (AP) or router and the wireless devices that connect to it.

The primary objective of WEP was to prevent Man-in-the-Middle attacks, which it did well for a time. However, WEP has several significant security flaws, it has been deprecated and considered insecure for many years. It has been replaced by WPA (Wi-Fi Protected Access) standards in 2003.

What is Initialization Vector (IV).

In WEP, the Initialization Vector (IV) is a 24-bit (fixed size) random or pseudo-random number used to help encrypt data packets and prevent reuse of the same encryption key across multiple data packets. The IV is combined with the WEP secret key to create a unique per-packet encryption key. This approach is intended to add randomness to the encryption process, theoretically making it harder for attackers to crack the encryption.

The IV is only 24 bits long, which means there are only about 16.7 million possible IVs. In a busy network, this limited number of unique IVs is quickly exhausted, resulting in IV reuse.

How WEP is generated

There are many WEP key generation tools available.

Feel free to use our online WEP key generation tool.

https://ivydotnet.com/Products/Random-key-generator-tool/#WEP

But if interested to know more, please follow me below.

WEP key initially supported 40-bit keys, later extended to 104-bit keys, plus a 24-bit initialization vector (IV), making for a total key size of 64 bytes or 128 bits, respectively. However, there are some implementations of WEP also support 152-bit and 256-bit keys, but these are less common and were proprietary extensions rather than part of the original WEP standard. The 64-bit and 128-bit keys are the most widely recognized and commonly used WEP key lengths. The IV is combined with the WEP secret key to create a unique WEP key

An example of 64-bit WEP key.

To generate a 64-bit WEP key using a 40-bit key combined with a 24-bit Initialization Vector (IV), we need to create a 5-byte random key and a 3-byte IV. This results in a total of 8 bytes (5 bytes for the key and 3 bytes for the IV).

The “64-bit” refers to the combination of the key (40 bits) and the IV (24 bits), which totals 64 bits.

WEP keys output can be in hexadecimal format and ASCII format. However, hexadecimal format is more popular.

• • a) In hexadecimal form, a 64-bit WEP consists of 10 hexadecimal characters long for the Key. And 6 hexadecimal characters long for the IV, as each hexadecimal digit represents 4 bits. and a and a single byte is of 8 bits. Hence total of 16 hexadecimal characters long.
  • b) In ASCII form, the Key would typically be 5 characters (byte) long and IV would be 3 characters (byte) long, as each ASCII character represents 8 bits. Hence total 8 characters (byte) long in ASCII.

How to WEP key is generated

Let us generate the random keys in byte array, it will be easier to relate as the lengths of the keys are in bits. 8-bit represents 1 byte, and 1 byte is equal to 1 character.

1. 1. Step 1 – Generate a 5-byte array (keyBytes) which represents the 40-bit key. We may use any programming language or technique for this.
   2. Step 2 – Then generate a 3-byte array is generated (ivBytes) which represents the 24-bit Initialization Vector (IV).
   3. Step 3 – Convert both the keyBytes and ivBytes into hexadecimal strings. We may use any standard code library or function for this but ensure each byte is represented as two hexadecimal characters.
   4. Step 4 – Concatenate the IV with the Key to form the final 64-bit WEP key, represented as a 16-character hexadecimal string.

An example output of 64-bit WEP Key (IV + Key): 4B7A23A1B2C3D4E5

In this example, 4B7A23 is the 24-bit IV, and A1B2C3D4E5 is the 40-bit key. The total length is 16 hexadecimal characters, representing 64 bits.

Try to calculate the output length for 128-bit key in hexadecimal and ASCII format output.

What is WPA key

Wi-Fi Protected Access (WPA) family of security protocols designed to secure wireless networks. WPA was introduced to address the vulnerabilities of the older Wired Equivalent Privacy (WEP) standard and offers stronger encryption and improved authentication mechanisms.

Generating a WPA key (often referred to as WPA-Personal or WPA-PSK) involves creating a pre-shared key (PSK) based on a passphrase and the network SSID. The key is then derived using a hashing algorithm called PBKDF2 (Password-Based Key Derivation Function 2).

WPA1 (Wi-Fi Protected Access 1) or simply WPA

The terms WPA and WPA1 are often used interchangeably to refer to the same security standard, Wi-Fi Protected Access (WPA). Technically, WPA1 is not an official term but is sometimes used to distinguish the original WPA from the improved WPA2 standard.

WPA2 (Wi-Fi Protected Access 2)

WPA2 (Wi-Fi Protected Access 2) can be configured in two modes when it comes to Personal mode (WPA2-PSK) and Enterprise mode.

1. 1. Personal mode or Pre-shared Key (WPA2-PSK): WPA2-PSK is often referred to as “Personal” or “Pre-Shared Key” mode because it uses a shared passphrase or key. This passphrase is manually entered on both the wireless access point (router) and the client devices (computers, smartphones, etc.) that wish to connect to the Wi-Fi network.
   2. Enterprise mode (WPA2-EAP): WPA2-Enterprise uses a more advanced authentication method, typically involving a RADIUS (Remote Authentication Dial-In User Service) server. This mode is more suitable for larger organizations or businesses where individual user accounts and unique credentials are desirable.

(In this article we will deep drive into WPA-PSK.)

WPA3 (Wi-Fi Protected Access 3)

WPA3 (Wi-Fi Protected Access 3) is the latest and more secure standard for Wi-Fi network security, introduced in 2018, succeeding WPA2. This version was developed to address some of the vulnerabilities and weaknesses found in the aging WPA2 protocol, providing stronger protection for wireless networks.

For more information on WPA standards and specifications visit:

Wi-Fi Alliance® : https://www.wi-fi.org/

WPA Specifications: https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.3.pdf

Passphrase and SSIS

Passphrases are often used in place of shorter, simpler passwords because they can provide greater security due to their length and complexity. In WPA parameter the passphrase must be between 8 and 63 characters long, as required by the WPA1 standard.

SSID stands for Service Set Identifier. It is the unique name assigned to a Wi-Fi network, which allows devices to distinguish between different wireless networks in the same area. When you connect to a Wi-Fi network on your phone, laptop, or other device, the SSID is the network name you see listed in the available networks. As per the WPA standards, an SSID can be up to 32 characters long and can include letters, numbers, and special characters.

Therefore, the same set of Passphrase and SSID will generate the same WPA key, to generate different WPA key we need to use different passphrase and SSID every time.

A quick comparison between WPA2, WPA2 and WPA3

How WPA is generated

Let’s target to generate a 256-bit WPA-PSK key.

WPA-PSK is derived from a passphrase and the network SSID using the PBKDF2 algorithm with SHA-1 as the hashing function, which results in a 256-bit key (or 32 bytes).

1. 1. Step 1 – Take the two inputs and validate them as per WPA specification. Ensure the passphrase must be between 8 and 63 characters long, and SSID is not more than 32 characters long. We take the passphrase as the main input, the SSID as the salt to generate the final key.
   2. Step 2 – Convert the Passphrase and the SSID into byte array.
   3. Step 3 – Use any programming language to implement the PBKDF2 (Password-Based Key Derivation Function 2) algorithm as per the specification mentioned in Wi-Fi Alliance Org or use any available library. PBKDF2 is used to derive a 256-bit key from the passphrase and SSID. This function should take the passphrase byte array as the main input, the SSID byte array as the salt, and the number of iterations minimum 4096 (as per the standard specification). This will give us the 256-bit key.
   4. Step 4 – The resulting key is converted into a 64-character hexadecimal string, which is the format commonly used for WPA PSKs. We may use any standard code library or function for this but ensure each byte is represented as two hexadecimal characters.

An example output of 256-bit WPA-PSK Key: 3F6F61A37F012C26702B98B8B9FAE29F0B8A4E500DFA8D1A59EBFA3B6D1FCD91

A useful tool to generate WPA keys:

https://ivydotnet.com/Products/Random-key-generator-tool/#WPA

What Symmetric and Asymmetric Key

In encryption, a key is a sequence of bits that guides how the encryption algorithm converts readable text (plaintext) into encoded text (ciphertext) and back again.

A longer key means more possible combinations, making it nearly impossible for attackers to use brute-force methods to guess every potential key.

Advanced cryptography can get complex, so a detailed article may be helpful. However, here’s a brief overview for now to explain the basics.

A) Symmetric Keys

In Symmetric Encryption uses the same key for encryption and decryption. Therefore, the sender needs to generate the key, use it to create the Cipher text and send the Cipher text as well as the key to the recipient user, so that the recipient can decrypt using the same key. This single key must be kept secret because anyone with access to it can decrypt encrypted data.

Symmetric Encryption is faster and is less computationally demanding, making them suitable for encrypting large amounts of data. However, the challenge lies in securely distributing and managing the secret key among users.

Generally Symmetric Encryption is used for encrypting bulk data in applications like file encryption, database encryption, and VPNs. Often used in secure sessions for faster data transfer (e.g., within a TLS session after an asymmetric key is used to establish the connection).

Some of the common Symmetric algorithms available are AES (Advanced Encryption Standard), DES (Data Encryption Standard), Blowfish etc.

B) Asymmetric keys

In Asymmetric Encryption uses a pair of keys. A public key and a private key, one key is used for encryption and another key is used for decryption. The public key is used to encrypt data, while the private key is used to decrypt it. These two keys are always in pair. Only the private key must be kept secret, while the public key can be openly shared. The sender needs to generate the key pair, use the private key to encrypt and send the public key to the recipient along with the cipher text.

Asymmetric Encryption is slower and more computationally intensive due to complex mathematical operations, making them less efficient for bulk data encryption. Asymmetric keys excel in secure key exchange and digital signatures due to their key-pair nature, which allows secure communication even over untrusted channels.

This is ideal for secure key exchange (such as in SSL/TLS connections), digital signatures, and secure email. It is widely used for digital certificates and ensuring the integrity and authenticity of messages or software.

Some of the common Asymmetric algorithms are RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), ECC (Elliptic Curve Cryptography) etc.

What is AES Key

Advanced Encryption Standard (AES) key is a symmetric key algorithm, meaning the same key is used for both encryption and decryption. AES keys are secret keys used in AES encryption, one of the most widely used symmetric encryption algorithms. AES encrypts data in blocks of 128 bits, which means that data is processed in fixed-sized chunks. It was established by the U.S. National Institute of Standards and Technology (NIST) and is used worldwide for securing sensitive data.

AES supports three key lengths, 128 bits (16 bytes), 192 bits (24 bytes) and 256 bits (32 bytes).

AES is a symmetric key algorithm, meaning the same key is used for both encryption and decryption. This makes AES efficient but requires secure key distribution. As AES keys are secret keys, Secure key management is essential with AES because the key must remain confidential. If an AES key is exposed, any data encrypted with it can be decrypted.

AES itself does not directly support passphrases. However, passphrases can be used indirectly to create an AES key through a process known as key derivation. This is commonly done using algorithms like PBKDF2 (Password-Based Key Derivation Function 2), scrypt, or Argon2. These algorithms turn a passphrase into a cryptographic key suitable for AES encryption.

How AES Key is generated

There are many AES tools available.

Use our tool to generate AES Symmetric Key:

https://ivydotnet.com/Products/Random-key-generator-tool/#AES

For those interested let’s take a closer look.

We can generate AES key, with a specified key size, using the PBKDF2 key derivation function. there are many existing libraries available, however, all of them do the following:

1. 1. Step 1 – Take the two inputs from the user, Key size (128 bits, 192 bits, 256 bits) and passphrase. We also need another input number of iteration for the PBKDF2 function (recommended value of iteration is 10,000).
   2. Step 2 – A random 16-byte salt is generated (use any code or library for this). This salt adds randomness to the derived key. It is also called Initialization Vector (IV).
   3. Step 3 – Use any programming language to implement the PBKDF2 (Password-Based Key Derivation Function 2) algorithm as per the specification mentioned in Wi-Fi Alliance Org or use any available library. the output will be in Byte Array
   4. Step 4 – Generally, AES keys are in Base64 format. The next step is to convert the Byte Array from previous step to Base64 format.

An example of AES key (256 Bits): GWmKC++ZDZvfMcYwuMJHjJ1rkI+YOvLOhHvffM/qXXo=

What are RSA Keys

Rivest–Shamir–Adleman (RSA) keys are cryptographic keys used in the RSA encryption algorithm, a widely used asymmetric encryption system. Unlike symmetric encryption (like AES), which uses the same key for both encryption and decryption, RSA uses a pair of keys:

1. 1. Public Key: Used for encryption and signature verification. This key can be shared openly and is used by others to encrypt data that only the private key owner can decrypt.
   2. Private Key: Used for decryption and digital signatures. This key must be kept secret because it is used to decrypt data that was encrypted with the public key or to sign data that can be verified by anyone with the public key.

RSA keys are part of a public-private key pair. Each key in the pair complements the other, meaning data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.

RSA remains a cornerstone of modern cryptography for public-key encryption and digital signatures, though it’s gradually being complemented or replaced by algorithms that are more quantum-resistant, such as elliptic-curve cryptography (ECC).

Use our tool to generate RSA Asymmetric Keys:

https://ivydotnet.com/Products/Random-key-generator-tool/#RSA