How secure is it to use a password hash of a common English word as a WPA2 key?

Unless you reveal the method of how you generated your "long WPA2" key (which you just did), it's just a complex hexadecimal string which would normally be pretty secure. On the other hand, if someone knew that you were using "a common English word" and used a hash of that word as the key, anyone could quickly regenerate a sequence of hashes from a dictionary and use it as a rainbow table to break your password pretty quickly.

If you are looking for a "difficult password that is still easy to remember", why don't you come up with a longer pass phrase that means something to you but is not easily guessed by anybody else? That would render widespread rainbow tables essentially useless. Start with a phrase (i.e. sequence of words, sentence, etc), mix in a sequence of digits that means something to you (avoid birthdays, phone numbers, etc), and generate a long key that is "easy to remember" that way.


It is as secure as any other key as long as you do not tell anyone.

At the end of the day, your key will be using 0-9, a-f... which actually only gives 16 possible characters instead of just a-z which would give 26. Therefore, if you think you are being smart and tell someone "I am using SHA-1", you are actually cutting down their brute force combinations by quite a few.

Personally, I think you would be a lot better off just having a normal long word/s with a mix of case, then throw in some random numbers and symbols.
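
The following is an added example, not code from either answer: a small Python key-strength audit that compares how strong a hashed-word key looks (4 bits per hex digit) with how strong it is once the generation method is known, and with a passphrase of randomly chosen words. The wordlist is a constructed sample, and the function names, the list of hash algorithms and the 7776-word list size used in the comments are assumptions made for illustration.

```python
import hashlib
import math

# Constructed sample wordlist (assumption); a real English dictionary
# has on the order of 10^5 entries.
WORDS = ["password", "dragon", "sunshine", "monkey",
         "coffee", "orange", "window", "garden"]
# Hash functions someone might plausibly have used (assumption).
ALGOS = ["sha1", "sha256", "sha512"]


def derive_key(word, algo="sha1"):
    """Key as described in the question: hex digest of a single word."""
    return hashlib.new(algo, word.encode("utf-8")).hexdigest()


def apparent_bits(key):
    """Entropy if every hex digit had been chosen at random (4 bits each)."""
    return 4 * len(key)


def effective_bits(n_words, n_algos=len(ALGOS)):
    """Entropy once the method is known: one word times one hash function."""
    return math.log2(n_words * n_algos)


def random_passphrase_bits(n_words, list_size):
    """Entropy of n words drawn uniformly at random from a list."""
    return n_words * math.log2(list_size)


def audit_key(key, words=WORDS, algos=ALGOS):
    """Return (word, algo) if the key is reproducible from the wordlist."""
    for algo in algos:
        for word in words:
            if derive_key(word, algo) == key.lower():
                return word, algo
    return None


if __name__ == "__main__":
    key = derive_key("coffee")
    print("apparent bits :", apparent_bits(key))                 # looks like 160
    print("reproducible  :", audit_key(key))                     # found in the list
    print("effective bits:", round(effective_bits(200_000), 1))  # about 19
    print("6 random words:", round(random_passphrase_bits(6, 7776), 1))
```

The gap between the apparent 160 bits and the roughly 19 effective bits is the cost of a guessable generation method; six words chosen at random from a 7776-word list keep about 77 bits even when the method is public.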