Holes in the WiFi

teleforce · on May 21, 2021

Previous discussions regarding the issues on HN:

[1]https://news.ycombinator.com/item?id=27140251

[2]https://news.ycombinator.com/item?id=27121918

ChrisArchitect · on May 21, 2021

yes

[dupe]

baybal2 · on May 21, 2021

I'm glad they did not outright killed fragmentation.

That would've been a tragedy for WiFi MCUs with few hundred kilobytes of memory.

_trampeltier · on May 21, 2021

Why the big trouble anyway. Does not the client device send the password to every AP just with the same Name?

bscphil · on May 21, 2021

No. In Wi-Fi protocols, the client never sends the password to the AP at all. See https://en.wikipedia.org/wiki/IEEE_802.11i-2004#Four-way_han...

ramshorst · on May 21, 2021

Only an encrypted version of the password right ?

sohkamyung · on May 21, 2021

The password is never 'shared', encrypted or not. Instead, both the client (Station) and the AP have to prove to each other that they already know the password (shared key).

From the Wikipedia article:

> The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key.

nly · on May 21, 2021

In WPA2 if the key is weak it's irrelevant, since anyone capturing one handshake can brute force it offline (without communicating with the AP).

atatatat · on May 21, 2021

Every reconnect.