To add to what Philippe said, WPA2-PSK is officially called WPA2-Personal. It is meant for home use where there is no authentication infrastructure.
The WPA2-Enterprise system requires an 802.1X authentication infrastructure for support and it offers higher security than WPA2-Personal. Enterprises should avoid WPA2-Personal whenever possible.

Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971

From: Hanset, Philippe C [mailto:phan...@utk.edu]
Sent: Thursday, April 18, 2013 5:28 PM
Subject: Re: Is it possible to crack a WPA2 Enterprise network

Jason,

Your subject mentions WPA2-enterprise, and the body of your text mentions PSK.

If you move your infrastructure to WPA2-PSK, yes, if someone watches the 4-way handshake they can get the key between AP and device for all people on the WPA2-PSK network.

With WPA2-enterprise it is more complicated since each user has a key per session and you can also change the rekeying interval.

There are some papers out there showing that they can crack WPA2-enterprise, but it seems like a lot of work.

Philippe

Philippe Hanset
www.eduroam.us

On Apr 18, 2013, at 4:22 PM, "Becker, Jason" <jbec...@wustl.edu> wrote:

We planned to move to a PSK SSID but have heard that it is possible to decrypt this traffic if you have the key and watch the 4-way handshake to get the key between the AP and device. Has anyone run into this or been able to do this?

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.