£ sign wrecks openwrt wifi passwords

So I wrote an auto password change script for any number of nodes/clients and was reasonably sure I had "escaped" the shell variable correctly. The new password was a 62 character hieroglyphic mess generated by a generator (as I was unaware of the fact that essentially 45 characters of 0-9a-zA-Z (or <=> 63 characters of 0-9A-F as a direct PSK key) covers (more than) the full range of a 256 bit key, a fact I encountered in research around this problem). So when none of my several nodes came back up I suspected my escaping in the shell script... turns out it was the £ sign...

(could be other characters as well)

After manually fetching the nodes (pita) and singly changing the passwords all is OK. The latest version of OpenWrt seems good, LuCI runs quite well even doing real time graphs on a quite old router.

Just thought I would post info so anyone else can avoid the problem.


According to https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Security_.26_Insecurity_in_pre-shared_key_mode, the "key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters."

So the £ sign is in fact an invalid character.


I guess in practice implementations won't specifically enforce that only ASCII characters are entered (OpenWrt certainly doesn't) but £ is two bytes when encoded in UTF-8. If you had any other non-ASCII multi-byte char there, your final passphrase string likely exceeded the 63-byte limit.
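
The rule quoted in the two replies above (8 to 63 printable ASCII characters, or 64 hex digits, with length counted in bytes) written as a pre-flight check for a password-change script. This is an added example, not part of the thread or of OpenWrt; `wpa_key_kind` and `leftover` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: validate a WPA2-PSK value before pushing it to any node.
# wpa_key_kind and leftover are hypothetical helpers, not OpenWrt commands.

# Number of bytes left in $1 after deleting the tr set $2 (byte-wise, C locale).
leftover() {
    echo $(( $(printf '%s' "$1" | LC_ALL=C tr -d "$2" | wc -c) ))
}

# Prints "hex-psk" or "passphrase" and returns 0 when the key is acceptable;
# otherwise prints the reason on stderr and returns 1.
wpa_key_kind() {
    wk_key=$1
    # Count bytes, not characters: a UTF-8 pound sign is two bytes.
    wk_bytes=$(( $(printf '%s' "$wk_key" | wc -c) ))

    # Exactly 64 hex digits are treated as the raw 256-bit PSK.
    if [ "$wk_bytes" -eq 64 ] && [ "$(leftover "$wk_key" '0-9A-Fa-f')" -eq 0 ]; then
        echo hex-psk
        return 0
    fi

    # Whatever survives deleting space..tilde is outside printable ASCII.
    wk_bad=$(leftover "$wk_key" ' -~')
    if [ "$wk_bad" -ne 0 ]; then
        echo "rejected: $wk_bad byte(s) outside printable ASCII" >&2
        return 1
    fi

    if [ "$wk_bytes" -lt 8 ] || [ "$wk_bytes" -gt 63 ]; then
        echo "rejected: passphrase is $wk_bytes bytes, must be 8 to 63" >&2
        return 1
    fi
    echo passphrase
}
```

Calling `wpa_key_kind "$new_key" || exit 1` before the first node is touched stops a bad key from locking out every node at once.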


You can enter a PSK in a client's wpa_supplicant.conf if you do not put quotes round it.

You can use wpa_passphrase to generate the PSK key, but that does not complain about Unicode characters either and does generate a PSK from the Unicode-including string.

LuCI allowed me to enter the password phrase and save and apply it; it failed when trying to bring wifi up, saying invalid passphrase in the log.


Might have been fixed by https://github.com/openwrt/luci/commit/9a41673488dd7725c8a7f69430b5c8559a038695 (related bug https://github.com/openwrt/luci/issues/4055)

Thanks, now I know 45 characters of alphanumeric is the full range of a WPA key, that seems the one to use... using a password manager of course LOL