[ibmthrowaway218]

> Also, I'm having a bit of a hard time understanding the attack.

He forces them to connect to his own AP and forwards all traffic to the destination so that the client is unaware it has been redirected.

He then forces the client to re-install the key which (on anything that is derived from wpa_supplicant e.g. Linux, Android, etc) the client has blanked out after first use, so the key it reinstalls is now all zero bytes.

He can continue to forward the traffic to the destination so that the client gets responses, but now he can decrypt all of the traffic too.

For clients that re-install the correct key (which the account does not recover in any way) the attacker has to rely on snooping enough encrypted data in order to perform a birthday attack as the key re-installation also resets the frame counters which leads to nonce-reuse which is a problem in ciphers like AES-GCM.