by lxgr 1178 days ago
Not for WPA-PSK. The PSK is used to derive the PMK from (simplified) something like PMK = Hash(PSK, SSID). This key is static and never changes for the lifetime of a particular SSID, and is also shared across all devices in WPA-PSK.

From the PMK, all other per-connection keys are then derived at association time, but everybody that captures that conversation can derive all further keys since that exchange uses only symmetric functions with all secret inputs derived from the PMK, not something like Diffie-Hellman.

It's unfortunately not easy to do anything more resistant against compromised clients without storage on the APs (or at least a stable encryption key available to all access points of an SSID), so WPA-PSK doesn't – for anything more robust than that, you need WPA-EAP. (Some networks support a per-station/MAC address PSK as a proprietary feature, but that's only possible because they do have some management plane that allows the APs to share the required state.)
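To make the two points above concrete (the PMK depends only on the passphrase and SSID, and the per-association PTK is a deterministic function of the PMK plus values that are sent in the clear), here is an added Python example that is not part of lxgr's comment; it implements the WPA2-Personal PBKDF2 and PRF-512 derivations and uses constructed MAC addresses and nonces in place of a real capture.

```python
import hashlib
import hmac

# Constructed sample values for illustration only (not from a real handshake).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))        # constructed 32-byte AP nonce
SNONCE = bytes(range(32, 64))    # constructed 32-byte station nonce


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    Nothing per-station or per-association goes in, so every device on the SSID shares it
    and it never changes until the passphrase or SSID does."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512 (HMAC-SHA1 in counter mode) used by WPA2 for PTK expansion."""
    out = b""
    for i in range((512 + 159) // 160):  # 4 blocks of 160 bits, truncated to 512
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the 4-way handshake inputs. MACs and nonces are sorted so both sides
    (and any passive observer holding the PMK) compute the same value; all inputs except
    the PMK appear unencrypted in the handshake frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def split_ptk(ptk: bytes) -> dict:
    """WPA2-CCMP layout: 128-bit KCK, 128-bit KEK, 128-bit temporal key."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


if __name__ == "__main__":
    pmk = derive_pmk("password", "IEEE")
    ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    print("PMK:", pmk.hex())
    print({k: v.hex() for k, v in split_ptk(ptk).items()})
```

The same PMK feeds every association on the SSID; only the nonces vary, and since they are visible on the air, anyone holding the PMK can reproduce every station's PTK, which is what makes a leaked PSK equivalent to a leaked per-network key.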