1

In WPA 4-Way Handshake, SNonce, ANonce, AP MAC addr and STA MAC addr are exposed to an eavesdropper Eve. But I think it is still safe unless PSK (password) is exposed to Eve.

If PSK is exposed, however, I think connection is not secure any more since Eve can acquire all parameters to derive PTK. (PTK is a function of PSK, ANonce, SNonce, AP MAC addr, and STA MAC addr)

Is my understanding is correct?

I ask this question because some shops provide free access point service in WPA-PSK mode and they expose a password. In such a case, I think using such free access points is not secure any more, even though they are operating in WPA-PSK mode.

Jeon
  • 141
  • 4
  • 1
    I would agree, it is not secure against snooping by an passive attacker and certainly not against MITM active attacker. But since the AP itself cannot be trusted in a public WLAN a VPN or at least ALL-TLS is mandatory anyway. – eckes Jun 02 '17 at 08:17

1 Answers1

1

I have no knowledge about the details of WPA implementation, but what I can tell from basic knowledge: if you expose the Pre-Shared Key, then anyone can simply log on to your network, without needing that other handshake data. And if he actually wants these, he'd do a wireshark monitoring of the logon.

Tobias Knauss
  • 111
  • 3
  • The question is not about logon security but against passive attackers who does snooping. – eckes Jun 02 '17 at 08:15
  • 1
    @eckes: oh, now I see. The title of the question is somewhat misleading. He worries about breaking into his existing connection. In this case, yes, he is right. And your comment below the question should be an answer. – Tobias Knauss Jun 02 '17 at 08:31