A wireless network with WPA encryption requires a passphrase of 8 to 63 characters. This passphrase is then converted to a 256-bit hex key (64 characters) using a hash function. Some software allows the hex key to be directly entered as a 64 hex character while some other software allows only the passphrase to be entered. This can be a problem when a device that only accepts the passphrase, the Eee PC for instance, must connect to a device with the 64 character hex key entered manually. There is no way (at least to my knowledge) to convert the 256-bit key into a working passphrase.

This page will describe how to configure the network settings to use a 64 character hex key without downloading or installing any additional software. This has been tested on a 901 20G system running Xandros from a fresh F9 restore, software version 1.6.0.104, 1603 BIOS.

• Configure your wireless network using the Network application as you normally would. You may enter anything you want in the WPA key, you will change this later. I found it convenient to paste in my 64 character hash key here and delete the last character. Uncheck Start this connection when finished
• In the Network Connections window, open the properties to the new connection you created and make note of the ID at the top of the window (will be something like lan3)
• Open a console window (Ctrl-Alt-T)
• Type the following command:

sudo nano /etc/network/interfaces

• Find the section that contains the same name as the ID of the connection you just configured, if the ID was lan3, you are looking for something like this, note the ID in the iface lan3 inet manual line:

iface lan3 inet manual
    down dhclient3 -r -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE
    down ifconfig $IFACE down
    up ifconfig $IFACE up
    up dhclient3 -cf /etc/dhcp3/dhclient.$LOGICAL.conf -pf /var/run/dhclient.$IFACE.pid -lf /var/run/dhclient.$IFACE.leases $IFACE
    wireless-channel 3
    wireless-essid wifiName
    wireless-key s:someKey
    wireless-keymode open
    wireless-mode managed
    wireless-rate auto
    xncs-wireless-encryption wpa

• Change the wireless-key to contain your 64 character hex key, in this example someKey would be replaced with the hex key
• Press Ctrl-O followed by Return to save the file. Then press Ctrl-X to exit the editor.
• Now type the following command:

sudo nano /etc/network/if-pre-up.d/0001xandros-wireless-tools

• Find the line that contains this:

PSK=`echo "$IF_WIRELESS_KEY" | $WPAPASSPHRASE "$IF_WIRELESS_ESSID" | sed -nr 's/^\s+psk=(\S+)/\1/p'`

• Add the following lines just below the line indicated above

# USER FIX: add this to check for 64 character HEX WPA keys and don't hash
if [ "65" = `echo $IF_WIRELESS_KEY | wc -m` ]; then
    PSK=$IF_WIRELESS_KEY
fi

• Press Ctrl-O followed by Return to save the file. Then press Ctrl-X to exit the editor.
• Go back to your Network Connections window and select your wireless connection, click Connection→Connect. You should connect now.

Note that any time you bring up the connection properties the form will complain about having a passphrase longer than 63 characters. If you must make changes in this form, you will need to remove at least one character from the key and add it back by editing the /etc/network/interfaces file.

Why this works: WPA puts a limit of 63 characters on passphrases to reduce potential confusion between a passphrase and the 256-bit key. With this restriction if the key has 64 characters it must be the 256-bit key. The modification to 0001xandros-wireless-tools checks the length of the supplied key. If the key is 64 characters long it overwrites the 256-bit key it just calculated with the key exactly as it is entered in the /etc/network/interfaces file (wc -m adds 1 to the character count, I don't know why and didn't care to investigate, comparing to 65 works as is).

From my understanding, the spec requires all devices to accept only the 8 to 63 character passphrase and internally create the 256-bit key. For whatever reason some developers decided to one up the spec and allow the 256-bit keys to be entered directly. Direct hex key entry is not universally implemented so this causes problems in some cases.