== Understanding what our wireless password protects I don't have a deep understanding of wireless networking protocols. Usually this is fine and I can get by on broad knowledge and superstition. But as part of reading about [[KRACK https://www.krackattacks.com/]], I found myself not sure of how exposed we were in some ways, because I wasn't sure what wireless passwords actually protect. Did they only protect access to your WPA/WPA2 wireless network, or did they also secure data being transmitted and received? (This may sound like a silly question, but [[Diffie-Hellman key exchange https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange]] can arrange encryption between parties without any shared secret. It's perfectly possible for wireless networking to only use the wireless password to authenticate your access to the network and then have you and the {{AB:AP:Access Point}} use some form of Diffie-Hellman to negotiate the actual encryption keys.) The short answer is that ~~wireless passwords are used for both authentication and encryption~~. As best I can determine from following along in the four-way handshake from [[IEEE 802.11i https://en.wikipedia.org/wiki/IEEE_802.11i-2004]] and reading people's discussions of it, the wireless password is the only piece of secret information that goes into the encryption keys negotiated between a wireless client and the AP; everything else is visible to eavesdroppers and so doesn't protect the eventual key. If you know a network's password, you can decrypt all traffic from other people that you can snoop, provided that you captured their initial authentication to the AP. (Confirmation for this comes from things such as [[Wikipedia's discussion of the lack of forward secrecy in WPA https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Lack_of_forward_secrecy]].) This means that [[KRACK]] is in some senses much less nasty against wireless networks where the wifi password is already widely known and you assume that your network may already have eavesdroppers on it. [[KRACK]] basically gives outsiders some or a fair bit of the power that a semi-insider with the password already has. Your pool of attackers may be wider, but the severity is no worse than it was before; your worst case is still a complete loss of encryption on wireless communication. PS: I'm not surprised by this result, because it's what my broad knowledge and superstition had led me to believe was the case. But it's one thing to just believe something because it's what I think I've heard and another thing to have actually tried to look it up to be sure.