What kinds of attacks are eliminated in WPA2-PSK if for each device there’s a different (secret) PSK?

Çağlar Arlı      -    71 Views


With regular WPA2-PSK there's the fact that every device shares the same PSK, hence it's possible to impersonate the AP by setting up an Evil Twin and watching the traffic. This isn't possible without knowing the PSK, so for a setup where each station has a different and secret PSK:

  1. What does the attack surface look like when one of the stations gets compromised?
  2. Is ARP spoofing possible?
  3. Does using static IPs change anything?
  4. What about promiscuous mode?

For context, I made this to avoid the evil twin attack: https://github.com/fakuivan/hostapd-slppsk, which essentially gives each station its own password based on a master password and the MAC address by concatenating and hashing with AES256. I'm not particularly interested (although issues in the repo are welcome!) in discussing any downsides of this implementation here.
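
An added illustration of the per-station scheme described in the question, not code from the post or from hostapd-slppsk: it swaps in HMAC-SHA256 as the derivation (an assumption, since the repository's exact construction is not shown on this page) and then applies the standard WPA2 passphrase-to-PMK mapping. The master secret, SSID and MAC addresses are constructed sample values.

```python
import hashlib
import hmac

HEX = "0123456789abcdef"

def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so every spelling of a MAC derives the same key."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in HEX for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def station_passphrase(master: bytes, mac: str) -> str:
    """Per-station passphrase = HMAC-SHA256(master, mac), truncated to 32 hex chars.

    Truncation keeps the result inside the 8..63 character passphrase range;
    a 64-hex-digit value would be read as a raw PSK instead of a passphrase.
    """
    tag = hmac.new(master, normalize_mac(mac).encode(), hashlib.sha256).hexdigest()
    return tag[:32]

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def psk_file_line(master: bytes, mac: str) -> str:
    """One 'MAC passphrase' line, the shape hostapd reads from a wpa_psk_file."""
    return f"{normalize_mac(mac)} {station_passphrase(master, mac)}"

if __name__ == "__main__":
    master = b"constructed-master-secret"      # constructed sample value
    ssid = "example-net"                       # constructed sample value
    stations = ["02:00:00:AA:BB:01", "02-00-00-aa-bb-02"]  # constructed MACs
    for mac in stations:
        print(psk_file_line(master, mac))
        print("  PMK:", wpa2_pmk(station_passphrase(master, mac), ssid).hex())
    # Each station's PMK is derived only from its own passphrase and the SSID,
    # so a station that leaks its passphrase exposes no other station's PMK;
    # recovering the master from one passphrase would mean inverting the HMAC.
```

The master secret stays on the access point only; a station is handed just its own derived passphrase.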