4

When I connect to a Wi-Fi network I know the password of, how does the device send the password?

Specifically, what prevents the network next door from catching that message and thereby learning the password?

The Wi-Fi traffic itself is encrypted with WPA2, but that will only start after you've authenticated yourself to the access point, right?

I suppose it is possible to ask the router for its public key, encrypt the password plus a timestamp (or something) and then send it to the router. However, I haven't been able to find anything on it, mostly because my search results for e.g. "how does wifi connection process work" get flooded with clueless internet users asking why their wifi connection doesn't work... And then on top of that, I find this article stating:

There’s no sort of password hash that your Android phone could send your router to authenticate besides the password itself.

But there must be something I'm missing...

Overleaf
  • 141
  • 1
  • 6
  • @Arminius ah yes, it does seem to be. I would've never thought of searching for "evil twin phishing" though :) That's a very nice answer, definitely clears up some stuff! – Overleaf Nov 24 '17 at 12:14

1 Answer

2

This question has many (common) misconceptions about WiFi and how it works.

First, no, you do not need the 'password' to 'connect' to the wireless network. The connection to the network (i.e. the 4-way handshake) is done before any password is transmitted to the access point (sometimes known as a [wifi-] router).

When talking about the pre-shared key scheme (WPA2-PSK), the most common on home and small-office access points (APs), the password is never actually transmitted over the channel; instead the key is used as a 'seed' for a key generation scheme that generates the 256-bit shared key, which is used to create a 128-bit encryption key for data transmission on the channel.

The channel is first created with the 4-way handshake (similar to how TLS works). Then the 128-bit encryption key is used to encrypt the data contents of each frame transmitted between the AP and client.

Having the pre-shared key means you can decrypt the data, either by brute-forcing all possible key values for a given pre-shared key, or by doing a MitM between the AP and the client as a rogue AP.

Since the attacker can have the pre-shared key, a rogue AP is possible.

For corporate networks that do not use the WPA-PSK scheme, authentication, authorization and the keys used are controlled by network devices like a RADIUS server. Having the key will not help you connect in those cases, since they employ multiple identifiers to authenticate you with.

If you want to learn more about how wifi works, read up on its specs using the technical name: the IEEE 802.11 specifications.

LvB
  • 8,336
  • 1
  • 27
  • 43
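
The key hierarchy the answer describes (passphrase as a seed for a 256-bit key, then a 4-way handshake that yields a 128-bit per-session key), as an added example that is not part of the original answer. The MAC addresses and nonces are constructed sample values; the PMK test vector for passphrase "password" and SSID "IEEE" is the one published in the 802.11 standard, and the PRF follows the standard's definition for CCMP.

```python
import hashlib
import hmac

# Step 1: passphrase + SSID -> 256-bit PMK (PBKDF2-HMAC-SHA1, 4096 rounds).
# This is the "seed" step: the passphrase itself never leaves the device.
def derive_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)
# blocks and truncate to the requested number of bytes.
def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]

# Step 2: PMK + both MAC addresses + both nonces -> 384-bit PTK (CCMP).
# The nonces are the only key material exchanged in the 4-way handshake,
# and they are sent in the clear; without the PMK they derive nothing.
def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    # KCK signs handshake messages, KEK wraps the group key,
    # TK is the 128-bit key that encrypts data frames.
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

# Constructed sample session: same passphrase, two different handshakes.
AP_MAC = bytes.fromhex("020000000001")   # constructed, locally administered
STA_MAC = bytes.fromhex("020000000002")  # constructed
ANONCE_1, SNONCE_1 = bytes(range(32)), bytes(range(32, 64))
ANONCE_2, SNONCE_2 = bytes(range(64, 96)), bytes(range(96, 128))

def session_tk(passphrase: str, ssid: str, anonce: bytes, snonce: bytes) -> bytes:
    pmk = derive_pmk(passphrase, ssid)
    return derive_ptk(pmk, AP_MAC, STA_MAC, anonce, snonce)["TK"]

if __name__ == "__main__":
    print("PMK:", derive_pmk("password", "IEEE").hex())
    # Same PMK, but fresh nonces give a different TK every session.
    print("TK session 1:", session_tk("password", "IEEE", ANONCE_1, SNONCE_1).hex())
    print("TK session 2:", session_tk("password", "IEEE", ANONCE_2, SNONCE_2).hex())
```

Because every client that knows the passphrase computes the same PMK, the per-session keys differ only by the cleartext nonces; that is the reason the answer points to RADIUS/802.1X (per-user keying) for networks where not every user should be able to derive everyone else's traffic keys.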