WPA2

Message Integrity Code是用来prove I know the key

All the data that sent over this network are encrypted using that PTK.

PSK never changes. PTK changes every time I log in.

The client MAC is the MAC address of the client and the AP MAC is the MAC address of the access point. These are both discovered using ARP.

For enterprise, think AirBears2. The enterprise version of WPA/ WPA2 involves a RADIUS server for authentication. This generates a unique key per user.

For the PSK version WPA/ WPA2, think of how you connect to your router with some fixed password and login. You then generate some key based off of a fixed PSK and public nonces

A-nonce, S-nonce, AP Mac, Client MAC 都是sent without encryption.

This is only secure if attacker doesnt know the PSK.

为什么这里不用Diffi-hellman? 因为当年发明这个的人是傻逼。

Given A-nonce, Snonce, Mic(Snonce), 可以做一个offline brute force attack.

Mic is a MAC.

GTK is a broadcast key.

WPA Enterprise:  之前是安全的。。似乎被KRACK破了

When set up Airbears2, it asks you to accept a public key certificate. 

This is the public key to the authenticate server not the access point.

取代了PSK?

Replay Attack:

KRACK 

https://www.krackattacks.com/

Android and Linux is especially vulnerable..