4-Way handshake in WPA-Enterprise?
I have a question regarding WPA Enterprise and the 4-way handshake.
I always thought that this handshake would be implemented in both WPA-PSK and WPA Enterprise, and thus that this classic WPA-PSK vulnerability, where an attacker captures a handshake and performs a brute force attack, would exist in WPA Enterprise as well.
Now I researched a bit and I found a paper that explains the 802.11i standard in quite some detail ... but I found no indicator that this handshake exists in WPA Enterprise. Instead I found the indication that the PTK is sent to the Client over the wireless network in a TLS tunnel (of whatever authentication is used)?
Is that correct? I'm just asking because it seems quite implausible to me why the PTK would be sent over the wireless network.
Sorry to bump this, but I meanwhile found out that there is indeed a 4-way handshake in WPA Enterprise. The PMK is only sent to the AP, not to the Client. The client generates the PMK through a shared secret between Client and RADIUS-Server ... and in the end there is the 4-way handshake to verify that Client and AP have the same PMK.
Just saying this in case anybody else has this question in the future...
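The key flow described in the follow-up post, as an added Python sketch that is not part of the original thread: both sides derive the PTK from the PMK, and the AP checks the MIC on handshake message 2 to confirm the client holds the same PMK. It also contrasts the two PMK sources, a passphrase (WPA-PSK) and the first 32 bytes of the per-session EAP MSK (WPA-Enterprise), which is why a captured Enterprise handshake gives no passphrase to guess offline. Function names and sample values are assumptions made for illustration; CCMP with the HMAC-SHA1 MIC is assumed.

```python
import hashlib
import hmac
import os

def prf(key, label, data, nbytes):
    """802.11 PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK for CCMP (48 bytes): KCK | KEK | TK. Inputs are ordered so both sides agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

def eapol_mic(ptk, frame):
    """MIC over an EAPOL-Key frame, keyed with the KCK (first 16 bytes of the PTK)."""
    return hmac.new(ptk[:16], frame, hashlib.sha1).digest()[:16]

def pmk_from_passphrase(passphrase, ssid):
    """WPA-PSK: every station derives the same PMK from passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def pmk_from_msk(msk):
    """WPA-Enterprise: PMK is the first 32 bytes of the per-session EAP MSK."""
    return msk[:32]

def ap_accepts_message2(pmk_ap, pmk_client, aa, spa, anonce, snonce, frame):
    """The AP recomputes the MIC of message 2 with its own PMK and compares."""
    sent = eapol_mic(derive_ptk(pmk_client, aa, spa, anonce, snonce), frame)
    expected = eapol_mic(derive_ptk(pmk_ap, aa, spa, anonce, snonce), frame)
    return hmac.compare_digest(sent, expected)

# Constructed sample values (not from a real capture).
AA = bytes.fromhex("020000000001")       # authenticator (AP) MAC
SPA = bytes.fromhex("020000000002")      # supplicant (client) MAC
ANONCE, SNONCE = os.urandom(32), os.urandom(32)
FRAME = b"constructed EAPOL-Key message 2 with MIC field zeroed"

if __name__ == "__main__":
    msk = os.urandom(64)                 # stands in for the MSK the EAP method exports
    pmk = pmk_from_msk(msk)              # client derives it; RADIUS sends it to the AP
    print("same PMK:", ap_accepts_message2(pmk, pmk, AA, SPA, ANONCE, SNONCE, FRAME))
    print("wrong PMK:", ap_accepts_message2(pmk, os.urandom(32), AA, SPA, ANONCE, SNONCE, FRAME))
    print("PSK PMK:", pmk_from_passphrase("constructed passphrase", "ExampleSSID").hex())
```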