How to convert a passphrase into 128bit/256bit WEP key?

Question

I have a passphrase and I want to generate 128bit or 256bit WEP key from that. Any pointers or links will be helpful on how to generate WEP key from a plain text.

Answer 1

Hopefully the original poster has found the answer by now but I for one found this information SHOCKINGLY difficult to come by as it's beyond deprecated. As mentioned repeatedly, in this thread and others, WEP is horribly unsecure but for some reason nobody is willing to give a straight answer otherwise and there are a lot of suggestions to go learn something else.

To the original question, the 128-bit key is an MD5 hash of a 64-byte string. This 64-byte string is the ASCII pass phrase repeated over and over then truncated at 64-bytes. In SQL Server for instance, this would appear as,

SELECT CAST(HASHBYTES('MD5', LEFT(REPLICATE(@phrase, CEILING(64.0 / LEN(@phrase))), 64)) AS varbinary(13))

Answer 2

Start by reading about Key Derivation Functions. High quality modern KDFs are scrypt, bcrypt and PBKDF2. All of them have open source implementations.

For PBKDF2, you can specify the length of the derived key. For scrypt, you can pick the first N bits of the output and use them as the key.

The most straightforward way of doing this without using a KDF is to concatenate your passphrase with a 24 bit IV (initialization vector) and form an RC4 key.

Mind that WEP combines your key and IV to seed an RC4 stream which keys the data stream; for this reason, WEP has a number of shortcomings, which make it unable to provide adequate data confidentiality. You can read more about it by following the Wikipedia page links.

Do NOT use a cryptographic hash as a derived key.

Answer 3

To anyone else swinging by, I wanted to regenerate a WEP passphrase we used in the early 2000s and what worked for me was repeating the passphrase to fill 64 characters (No newlines) and then md5summing that to get the result. I manifested this test in a bash script using yes to repeat the passphrase, tr to drop yes's newlines and pv to truncate the stream to 64b. Then md5sum is called to sum the result.

#!/bin/bash
read -p passphrase?: -s passphrase
[ -z "$passphrase" ] && echo "Need a passphrase!" && exit
yes $passphrase | tr -d '\n' | pv -s 64 -S | md5sum
unset passphrase

The above successfully spit out our WPA PSK used in the early 2000s when provided the original passphrase we used.