If some device was not following the WiFi Alliance WPA specification by not hashing the entire printable ASCII character set correctly, it would end up with a different 256-bit hash result than devices that correctly obeyed the specification. It would then be unable to connect to any network that uses the full range of printable ASCII characters. Since we have heard unconfirmed anecdotal reports of such non-compliant WPA devices (and since you might have one), this page also offers "junior" WPA password strings using only the "easy" ASCII characters which even any non-fully-specification-compliant device would have to be able to properly handle. If you find that using the full random ASCII character set within your WPA-PSK protected WiFi network causes one of your devices to be unable to connect to your WPA protected access point, you can downgrade your WPA network to "easy ASCII" by using one of these easy keys. And don't worry for a moment about using an easy ASCII key. If you still use a full-length 63 character key, your entire network will still be EXTREMELY secure. And PLEASE drop us a line to let us know that you have such a device and what it is!

Shorter pieces are random too:



A beneficial property of these maximum entropy pseudo-random passwords is their lack of "inter-symbol memory." This means that in a string of symbols, any of the possible password symbols is equally likely to occur next. This is important if your application requires you to use shorter password strings. Any "sub-string" of symbols will be just as random and high quality as any other.

When does size matter?



The use of these maximum-entropy passwords minimizes (essentially zeroes) the likelihood of successful "dictionary attacks" since these passwords won't appear in any dictionary. So you should always try to use passwords like these. When these passwords are used to generate pre-shared keys for protecting WPA WiFi and VPN networks, the only known attack is the use of "brute force"  trying every possible password combination. Brute force attackers hope that the network's designer (you) were lazy and used a shorter password for "convenience". So they start by trying all one-character passwords, then two-character, then three and so on, working their way up toward longer random passwords. Since the passwords used to generate pre-shared keys are configured into the network only once, and do not need to be entered by their users every time, the best practice is to use the longest possible password and never worry about your password security again. Note that while this "the longer the better" rule of thumb is always true, long passwords won't protect legacy WEP-protected networks due to well known and readily exploited weaknesses in the WEP keying system and its misuse of WEP's RC4 encryption. With WEP protection, even a highly random maximum-entropy key can be cracked in a few hours. (Listen to Security Now! episode #11 for the full story on cracking WEP security.)



The Techie Details:



Since its introduction, this Perfect Passwords page has generated a great deal of interest. A number of people have wished to duplicate this page on their own sites, and others have wanted to know exactly how these super-strong and guaranteed-to-be-unique never repeating passwords are generated. The following diagram and discussion provides full disclosure of the pseudo-random number generating algorithm I employed to create the passwords on this page: