The question of the acceptable length of a security key often arises among users who are dealing with legacy equipment or trying to connect very old devices to a wireless network. Protocol WEP (Wired Equivalent Privacy)Despite its age and vulnerability, it is still found in specialized industrial controllers, cash registers, and game consoles from the last decade. Understanding the password structure in this standard is critical, as an incorrect number of characters will result in authentication failure.
The key length directly depends on the selected encryption mode and character encoding. Unlike modern WPA2 and WPA3 standards, where passwords can be of any length and contain any characters, here there is a strict mathematical constraint on the algorithm's bit depth. IEEE 802.11 standard strictly regulates these parameters, and any deviation from the specified format will result in a connection error.
In this article, we'll take a detailed look at how many characters a password should contain for different operating modes, the difference between hexadecimal and ASCII formats, and why using this type of protection is considered risky today. You'll learn the exact numbers for configuring your router or client device.
Principles of key formation in the WEP protocol
Encryption algorithm WEP is based on the RC4 stream cipher. This algorithm requires a static key, which is combined with an initialization vector (IV). The size of this static key determines the overall length of the user-entered string. There is a misconception that the numbers 64 and 128 denote the password length, but in fact, they indicate the total length of the encryption key and the IV.
When creating a network, the administrator selects a cryptography level, which dictates the password requirements. If you attempt to enter a shorter string, the system will return a format error. If the length is exceeded, extra characters may be truncated or input blocked. It is critically important to understand that in WEP mode there is no concept of a "minimum length" as in WPA - the length must be strictly fixed.
The key generation process can occur automatically in the router or manually by the user. In the first case, the device automatically generates a random character sequence of the required length. In the second case, you must manually comply with all character length requirements, which often causes difficulties when entering the key manually.
64-bit encryption mode: structure and size
Mode 64-bit encryption (often referred to as 40-bit in technical documentation, as the initialization vector occupies 24 bits) is the basic and least secure option. It was with this option that widespread Wi-Fi adoption began. Key length requirements in this mode depend on the chosen number system.
If encoding is selected HEX (hexadecimal), the key must be exactly 10 characters long. Acceptable characters are numbers from 0 to 9 and letters from A to F (case is usually insignificant, but uppercase is preferred). Any attempt to enter the letter "G" or any other character outside this range will result in an error. This is because 40 bits of data in hexadecimal notation occupy exactly 10 digits (4 bits per character).
In case of using encoding ASCII, the key length is reduced to 5 characters. Any printable characters, including letters, numbers, and special symbols, can be used here. Each character in ASCII is encoded in 8 bits, so 5 characters provide the required 40 bits for the user portion of the key. This makes the password more memorable, but not more secure.
- 🔑 HEX format: strictly 10 characters (0-9, AF).
- 🔤 ASCII format: strictly 5 characters (any printable characters).
- ⚠️ Note: In 64-bit mode, you cannot use passwords with a length of 6, 8, or 12 characters - only fixed values.
⚠️ Attention: The 64-bit encryption protocol can be cracked with specialized software in a matter of seconds. Use this mode only for testing equipment or connecting devices that don't support other standards on an isolated network.
128-bit encryption mode: increased (but not sufficient) protection
Mode 128-bit encryption (effectively 104-bit user key + 24-bit IV) was the industry's response to the first critical vulnerabilities of the original standard. This is the most common configuration for legacy devices requiring WEP. Here, string length requirements increase proportionally to the increasing bit depth.
For HEX This encoding mode requires 26 characters. This is a long sequence of numbers and letters (AF), which is almost impossible to remember. Even a single character error will invalidate the key. Many users confuse this mode with 64-bit mode and enter 10 characters, wondering why the network won't connect.
When choosing ASCII The password length for this encryption method is 13 characters. This allows for a more complex combination than the 5-character version, using the entire keyboard character set. However, even 128-bit WEP is currently considered cryptographically weak and should not be used to protect confidential data.
Comparison table of key formats and lengths
For ease of configuration, a summary table showing the relationship between key length and encryption type and encoding system is provided below. Save this data to quickly determine the required format when configuring older equipment.
| Encryption type | Key bit depth | HEX encoding (symbols) | ASCII encoding (symbols) | HEX example |
|---|---|---|---|---|
| WEP 64-bit | 40 bits | 10 | 5 | 1A2B3C4D5E |
| WEP 128-bit | 104 bits | 26 | 13 | 1A2B3C4D5E6F7A8B9C0D1E2F3A |
| WEP 152-bit* | 128 bits | 32 | 16 | Not supported everywhere |
| WPA2-PSK | 256 bits | 64 (Hex) | 8-63 (ASCII) | Arbitrarily |
The table also mentions a 152-bit mode (sometimes labeled as a 128-bit user key). This mode is less common and requires 32 characters in HEX or 16 in ASCII. Not all wireless adapter drivers support this mode.
A line with the modern standard has been added for comparison. WPA2To demonstrate the difference in flexibility, modern networks allow password lengths ranging from 8 to 63 characters, offering a tremendous degree of freedom and security compared to the rigid constraints of WEP.
Where do the numbers 10 and 26 come from?
The numbers are obtained by dividing the user key's bit depth by 4. One hexadecimal character encodes 4 bits of information. 40 bits / 4 = 10 characters. 104 bits / 4 = 26 characters.
The difference between HEX and ASCII encoding
Understanding the differences between HEX And ASCII Critical for manual configuration. The HEX (hexadecimal) format uses only 16 characters: the numbers 0-9 and the letters AF. This makes the keys long and difficult to remember, but they are universal and independent of the keyboard layout.
The ASCII format allows for the use of familiar letters (including Cyrillic in some implementations, although this may cause compatibility issues), numbers, and special characters. The keys are shorter, but when transferring settings between devices with different encodings, problems with displaying special characters may occur.
When generating a key, the router often offers a choice: "Passphrase" or "Key." If you choose Passphrase, the router automatically converts your phrase into a HEX key of the required length (5 or 13 characters) using a hash algorithm. If you choose Key, you enter the characters directly.
- 📟 HEX: Only 0-9 and AF, case insensitive, fixed length.
- 📝 ASCII: Any characters, case and space sensitive.
- 🔄 Conversion: The ASCII password "12345" in 64-bit HEX mode will not become "12345", but will be converted to the hexadecimal code of these characters.
⚠️ Attention: Router interfaces from different manufacturers may name these fields differently. For example, "Hexadecimal" may be hidden in the "Key Format" drop-down list. Always check the selected format before saving the settings.
☑️ Checking WEP settings
Compatibility issues and hardware limitations
Modern operating systems such as Windows 10/11, macOS Windows and mobile operating systems are gradually deprecating WEP support. You may encounter a situation where the network is visible, but the system displays "Not supported" or "Unable to connect." This is due to Microsoft and Apple security policies that block connections using vulnerable protocols.
Additionally, there's an encryption issue when connecting devices of different generations. An older printer may require a 64-bit key, while the router is configured for 128-bit by default. In this case, the router logs will show repeated association attempts that will fail.
It's also worth keeping in mind that some router firmware allows you to set a WEP key of any length, but this doesn't mean it will work. The encryption algorithm will truncate the key or pad it with zeros, rendering the network inoperable. Strict adherence to the standards (10/26 HEX or 5/13 ASCII) is the only way to ensure success.
Why WEP should be abandoned in favor of WPA2/WPA3
The main reason for not using WEP — its complete cryptographic incompetence. The RC4 algorithm has vulnerabilities that allow the encryption key to be recovered by intercepting a certain amount of traffic. This doesn't require supercomputers; a regular laptop and a few minutes of time are sufficient.
Modern standards WPA2 And WPA3 They use advanced encryption methods (AES) and dynamic key rotation. Passwords can be any length (from 8 to 63 characters), allowing for the creation of complex combinations resistant to brute-force attacks. Adopting these standards is essential for the protection of personal data.
If your device only supports WEP, consider replacing it. Using such a device on a shared network creates a security breach for all other users. As a last resort, isolate such devices to a separate guest network without access to local resources.
Is it possible to increase the WEP key length manually?
No, the key length is hard-coded by the IEEE 802.11 standard for the selected encryption mode (64 or 128 bits). You cannot create a 64-bit key with a 20-character length. If you need a different length, you must switch the encryption mode if your hardware supports it.
What happens if I enter the WEP key in lowercase (af)?
In hexadecimal notation, letter case is irrelevant. The characters 'a' and 'A' are equivalent and represent the number 10. However, in ASCII mode, case is critical, and the password "Password" is not the same as "password."
Why doesn't the router allow me to save the WEP key?
You most likely selected the wrong key format or length. Check that the number of characters entered matches the selected mode (10 for 64-bit HEX, 26 for 128-bit HEX). Also, some new routers have completely removed WEP support from their firmware.