[mgualt]

A couple of naive questions about the design of the security system:

1. Why is it possible to do the password tests remotely? Why would the key on the router be allowed to be transmitted? Even a 6 character password should be safe if you don't allow multiple tries.

2. Why isn't the handshake protocol encrypted?

[jdthomas]

1. The attack is to brute force the shared secret (password). This can be done offline because by capturing the exchange you have the ANonce and SNonce and all other information required to generate the same key -- except the shared secret. Try lots of passwords and check if you generate the same PTK as the two stations do.

2. Encrypted with what? This is the key exchange stage that is attacked here.

802.11w adds signing to management frames which eliminates the deauth attack -- makes it harder to capture the EAPOL frames. Also, IIRC, WPA2-enterprise would not be susceptible to this sort of attack; you've pre-shared a key rather than a (short) password for generating one.

edit: spelling

[caspianm]

Password authenticated key exchange should do what we want. I was hoping WPA2 would have have used it already.

http://en.wikipedia.org/wiki/Password-authenticated_key_agre...

[delackner]

Honest question: since all devices connecting to a WIFI network are by definition within a short distance of the router itself, is there a WIFI solution that uses pre-shared key cryptography? That seems to me to be the only truly unbreakable option.

[MichaelGG]

The key isn't being transmitted, but a hash of it with a nonce is. You could do a DH key exchange and encrypt it, but I doubt that would help that much: An attacker would just need to transmit their own auth packets.