What is a WPA Key?

A WPA key is part of the Wi-Fi Protected Access scheme of wireless Internet security. WPA and its successor, WPA2, use pre-shared keys to facilitate very strong encryption security for wireless data transmission. These keys are used to mutually authenticate communications between wireless devices, usually using a hub-and-spoke model that sends communications from many devices through a wireless network router, which then communicates with the Internet using a wired connection. A modified version of these security protocols uses a centralized server to handle the authentication of users, instead of relying on a WPA key that has been shared to all authorized users.

Wireless networks are ubiquitous in the modern world. Many function as unsecured networks and are very vulnerable to attack by hackers. They offer almost no protection for the data transmitted to and from computers. Some security can be provided through the dynamic exchange of security keys between a computer or other mobile device and a server, but this still leaves the underlying data connection vulnerable to interception.

WPA and WPA2 systems of wireless security address this security vulnerability. In most small networks, a WPA key is at the heart of this protection. This key is shared to all devices that are meant to have network access. Ideally, this sharing is done offline, so that the transmission of the key itself is not vulnerable to interception.

The WPA key consists of a string of 256 bits of data. This may be generated directly by a user and shared in the form of a hexadecimal key that is 64 digits in length. This is a somewhat cumbersome method of sharing an encryption key, however, and does not lend itself to easy memorization by users. A second option for WPA key sharing involves the use of a passphrase and a key derivation function.

Passphrases consist of strings of up to 63 ASCII characters. The numeric values associated with these characters are then combined with the name of the network, known as the service set identifier (SSID), and run through many iterations of a derivation function. The resulting 64 hexadecimal digits are then used as the WPA key.

A key generated from a passphrase plus SSID is potentially more vulnerable than a truly random 64 digit key. A long passphrase coupled with an unusual SSID will produce a key that is proof against brute force hacking. A short or common passphrase, such as "password," combined with a common SSID, such as "network" or the name of a particular brand of router, will produce a worthless key. Hackers have already computed the keys generated from the most common combinations and will attempt these at the start of any brute force attack.