What does the WPA handshake do?
Can someone explain to me what the Four-way Handshake in WPA-Personal (WPA with Pre-Shared Key) consists of, which information is sent between the AP and the client, and how it is possible to find the AP Pre-Shared Key from this information after we capture the Four-way Handshake?
The basic description that I read in an article said that a four-way handshake is a type of network authentication protocol established by IEEE-802.11i that involves standards set up for the construction and use of wireless local area networks (WLANs). The four-way handshake provides a secure authentication strategy for data delivered through network architectures.
The four-way WPA handshake is actually very simple, but clever:
- The AP sends a value to the Client. (This is not protected in any way).
- The client generates a key and sends back its own random value and a code to verify that value, computed using the value that the AP sent.
- The AP generates a key and if needed sends back a group key and another verification code.
- The Client sends back a message to confirm everything is okay.
It is actually really hard to crack the key using this method; it would take roughly 4 million years to break the key using brute force. If you still want to try, I have attached a guide linking directly to the crack page; this guide also details how to find the handshake packets.
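The key hierarchy behind the exchange described in the answer, as an added example that is not part of the original post: the passphrase and SSID are stretched into the PMK, the PMK plus the two MAC addresses and the two nonces (all of which travel in the clear) give the PTK, and the first 16 bytes of the PTK (the KCK) produce the MIC that each side checks on the EAPOL-Key messages. The passphrase/SSID pair is the IEEE 802.11 test vector; the MAC addresses, nonces and message-2 frame layout are constructed here for illustration.

```python
import hmac
import struct
from hashlib import pbkdf2_hmac, sha1

def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """PSK -> PMK: PBKDF2-HMAC-SHA1, 4096 rounds, 256-bit output (IEEE 802.11)."""
    return pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (48 bytes = KCK|KEK|TK) from PMK, both MACs and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

def build_msg2(snonce: bytes) -> bytes:
    """Constructed message-2 skeleton: 802.1X header + EAPOL-Key body, MIC field zeroed.
    Offsets follow the EAPOL-Key layout, so the 16-byte MIC sits at bytes 81..96."""
    body = struct.pack(">BHH8s32s16s8s8s16sH", 2, 0x010A, 16, b"\x00" * 8, snonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, b"\x00" * 16, 0)
    return struct.pack(">BBH", 2, 3, len(body)) + body

def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 Key MIC: HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:81] + b"\x00" * 16 + frame[97:]
    return hmac.new(kck, zeroed, sha1).digest()[:16]

def ap_verifies_msg2(passphrase: str, ssid: bytes, aa: bytes, spa: bytes,
                     anonce: bytes, frame: bytes, mic_claimed: bytes) -> bool:
    """What the AP does on message 2: rebuild the PTK from its own PSK and the
    on-air values, recompute the MIC and compare. Only the PSK is secret here."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    snonce = frame[17:49]                       # SNonce field of message 2
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    return hmac.compare_digest(eapol_key_mic(ptk[:16], frame), mic_claimed)

# Constructed sample session (hypothetical MACs and nonces, test-vector passphrase/SSID).
AA, SPA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def supplicant_msg2(passphrase: str, ssid: bytes):
    """Client side: derive PTK from its PSK, build message 2 and attach the MIC."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), AA, SPA, ANONCE, SNONCE)
    frame = build_msg2(SNONCE)
    return frame, eapol_key_mic(ptk[:16], frame)

if __name__ == "__main__":
    frame, mic = supplicant_msg2("password", b"IEEE")
    print("AP accepts with matching PSK:", ap_verifies_msg2("password", b"IEEE", AA, SPA, ANONCE, frame, mic))
    print("AP accepts with other PSK:  ", ap_verifies_msg2("wrongpass", b"IEEE", AA, SPA, ANONCE, frame, mic))
```

Every input to the MIC except the PMK is visible in the captured exchange, which is why the strength of the passphrase alone decides how long the "4 million years" figure actually holds.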