How WPA2-PSK encryption works?

Question

When a new client tries to connect with wi-fi, it enters a password which is provided by the wi-fi owner. I wonder what is so hard to capture this password by a hacker when it is being sent to router for authentication? Client can't encrypt this password because symmetric key for encryption/decryption are not exchanged till yet. Only the password is sent which must be in plain text.

Second thing, now suppose multiple clients are connected with the same wifi. Why can't they read traffic of one-another? Are all of them using different symmetric key?

Is pre-shared key same as the password which your wifi owner provides you to enter? If it is a password then there is no sense to call it as key because there is a huge difference between a password and a key. Passphrase=Password but both are not equal to key.

Answer 1

You're right that a key is not the same as a password. But a password can be used to derive a key. So some people just call the password a PSK, since it is pre-shared and is all one needs to know to derive an actual key.

In the case of WPA2-PSK, the password is indeed used to derive a key (using PBKDF, a slow hashing function). We call this key the Pairwise Master Key (PMK). Neither the password or the PMK are ever sent to the router. Instead, a four way handshake is used to ensure that the router knows that you know the PMK, and that you know that the router knows the PMK (i.e. a hacker didn't set up a fake router).

This handshake also allows both parties to derive another key, the Pairwise Transient key (PTK). This key is used to actually encrypt the connection.

So basically, no information that a hacker can use is sent over the connection. It only works if you and the router had the same initial password.

This also answers your second question. The PTK is different for every client, since it is based on the client's MAC address and some arbitrary numbers (nonces) sent in the handshake. As a result the PTKs are different for every client.

However, someone who knows the password (and therefore the PMK), and monitors the handshake (i.e. knows the MAC addresses and nonces) has enough information to reconstruct the PTK for another user. So it is possible to decrypt WPA2-PSK traffic provided you know the password.