Hello Rene,
just to verify a few things here.
First of, I heared that both sides not only know the PMK but also the GMK, that is why the GTK can derived right? Essentially the entities on both sides (STA, AP) know the PMK and the GMK, correct?
My understanding is that in the 4-way handshake nothing is encrypted and basically open. So if anyone will throw up a wireshark anywhere and sees those messages in the air, and also knows the PMK somehow. He would be able to read all the data the client sends back and forth no?
So why exactly is the 4-way handshake considered secure? Is it because of the MIC and the replay counter? Am I missunderstanding something here?
Thanks in advance!
Kind regards,
Mirko