4-Way Handshake

I was thinking to write about the 4-way handshake and started to think that from where I should start writing. Shall I just describe 4-way handshake which can be found everywhere on the web or shall I do a deep dive?  Reason for me to write is to make it easier to understand for non WiFi people who can just read and understand because sometimes different terminologies used in this process can be confusing. So, let’s start with…

What is 4-way Handshake:

The 4-way handshake is the process of exchanging 4 messages between an access point (authenticator) and the client device (supplicant) to generate some encryption keys which can be used to encrypt actual data sent over Wireless medium. These keys which are generated through 4-way handshake are generated by some source key material which will be discussed later.

If you do not want to get confused about the terminologies used in 4-way handshake then let’s have a quick look. Let’s see what terminologies we might come across to understand 4-way handshake. I would say don’t be scared of these terminologies. It’s like much ado about nothing.

These are the few keys we will be discussing…

  • MSK (Master Session Key)
  • PMK (Pairwise Master Key)
  • GMK (Group Master Key)
  • PTK (Pairwise Transit Key)
  • GTK (Group Temporal Key)
  • ANonce
  • SNonce
  • MIC

I will start by talking about the keys which are generated during the 4-way handshake and towards the keys and other variables needed in order to generate these keys.

PTK (Pairwise Transit Key):

Pairwise transit key is used to encrypt all unicast traffic between a client station and the access point. PTK is unique between a client station and access point. To generate PTK, client device and access point need the following information.

PTK = PRF (PMK + Anonce + SNonce + Mac (AA)+ Mac (SA))

Anonce is a random number generated by an access point (authenticator), Snonce a random number generated by the client device (supplicant). MAC addresses of supplicant (client device) and MAC address of authenticator (access point). PRF is a pseudo-random function which is applied to all the input.

PTK is dependent on another high-level key PMK (pairwise master key) which is discussed below.

GTK (Group Temporal Key):

Group temporal key is used to encrypt all broadcast and multicast traffic between an access point and multiple client devices. GTK is the key which is shared between all client devices associated with 1 access point. For every access point, there will be a different GTK which will be shared between its associated devices.

GTK is dependent on another high-level key GMK (group master key) discussed below.

PMK (Pairwise Master Key):

What is PMK and why we need it? Now we know what is PTK and GTK. PTK is generated with the help of PMK. As we discused above in order to generate PTK, we need the following input.

PTK = PRF (PMK + Anonce + SNonce + Mac (AA)+ Mac (SA))

Pairwise master is key generated from master session key (MSK). In case of WPA2/PSK when device authenticates with access point the PSK becomes PMK.

Point to Remember: PMK resides on all stations as in AP and client devices, so we do not need to share this information. We use this information to create PTK which are used for unicast data encryption.

GMK (Group Master Key):

Group master key is used in a 4-way handshake to create GTK discussed above. GTK is generated on every access point and shared with the devices connected to this AP.

MSK (Master Session Key):

The master session is the first key which is generated either from 802.1X/EAP or derived from PSK authentication.

We discussed above keys from bottom to top and how keys are dependent on other keys. This is the view from top to bottom.

  1. The first level key is generated is MSK during the process of 802.1X/EAP or PSK authentication.
  2. The second level key is generated from MSK is PMK and GMK. PMK is used to generate PTK and GMK is used to create GTK.
  3. Third level keys are the actual keys used for data encryption.

(Keys Hierarchy)

4-Way Handshake in Action: 

Once we understand important keys and how they are generated now let’s have a look on an actual 4-way handshake. Imagine an access point is configured with WPA2/PSK and device is trying to connect to it. In our example its SSID PRINTERS with password printer123.

Sooner user click on printers SSID it goes through the states which I have discussed in another post. From authentication to the association to security validation. This is where 4-way handshake happens, instead of sending the password to the access points there are EAPOL (Extensible authentication protocol over LAN) messages exchange happens.

(4-way handshake)

Device States:

A device going through states from authentication to association. Once the device is authenticated and associated and now security will be checked, and 4-way handshake will start.

4-way handshake Wireshark view:

Message1: access point sends EAPOL message with Anonce (random number) to the device to generate PTK. Don’t forget client device knows Ap’s MAC because its connected to it. It has PMK, Snonce and its own MAC address. Once it receives Anonce from access point it has all the inputs to create the PTK.

PTK = PRF (PMK + Anonce + SNonce + Mac (AA)+ Mac (SA))

Mac address 9c:5d:12:5e:6c:66 is source address or mac address of the access point who is sending first EAPOL message to the device and d0:c5:f3:a9;16:c5 is Mac device. In this message access point sending ANonce to the client device.

(Anonce from AP to the device)

Message2: Once the device has created its PTK it sends out SNonce which is needed by the access point to generate PTK as well. The device sends EAPOL to AP message2 with MIC (message integrity check) to make sure when the access point can verify whether this message corrupted or modified. Once SNonce received by the AP it can generate PTK as well for unicast traffic encryption.

This is the second message going from the client device to AP with Snonce and MIC field set to 1.

(Message 2)

Message3: EAPOL message3 is sent from AP to client device containing GTK. AP creates GTK without the involvement of the client from GMK.

(Message 3)

Message4: Fourth and last EPOL message will be sent from the client to AP just to confirm that Keys have been installed.

4-way handshake Result:

Control port unlocked: Once the 4-way handshake is completed successfully virtual control port which blocks all the traffic will be open and now encrypted traffic can flow. Now all unicast traffic will be encrypted with PTK and all multicast traffic will be encrypted via GTK which created in the 4-way handshake process.


Lets summaries all this what we have discussed above. I have broadcasted PRINTERS SSID and tried to connect to it.  AP is beaconing SSIDs and when I clicked PRINTERS SSID to connect we can see full conversation with acknowledgment frame.

The device is requesting to connect to PRINTERS and the access point is responding with a probe response. Now device goes through the states from unauthenticated and un-associated to authenticated and associated.

Once authenticated and associated now it goes through security check and 4-way handshake happens and after successful 4-way handshake now the control port will be open for communication.

(Full conversation from association to complete 4-way handshake)

23 thoughts on “4-Way Handshake

  1. I see you don’t monetize wifi-professionals.com, don’t waste your traffic, you can earn additional bucks every month with new monetization method.
    This is the best adsense alternative for any type of website (they approve all sites), for more info simply search
    in gooogle: murgrabia’s tools

  2. I see you don’t monetize wifi-professionals.com, don’t waste your traffic, you can earn extra cash
    every month with new monetization method. This is the best adsense alternative for any type
    of website (they approve all sites), for more details simply search in gooogle:
    murgrabia’s tools

  3. Pingback:Kali Linux on RasperryPi – Understand 802.11 – CUNG HOC ESP32

  4. Came here looking for the meaning of Anounce and Snounce and just got lost in the superb explanation until now, its when I remembered what I was looking for.

  5. Thanks for the great article. However, it is still unclear how (or at what step) the password “printer123” is used. Can you explain?

  6. Amazing explanation this is what I was searching for.

    But could you explain where the password “printer123” Is used in 4-way handshake or is it after that?

  7. @jahanzab I got the answer for our question. It is available in quora.

    MIC and KCK is the answer.

    AP knows the password because we stored the password (your wifi password) in AP configuration page.

    PMK is generated by encrypting the password and then send over by PTK. Here MIC needs to validate the code at Access Point and at Client. That means MIC carries the encrypted password which was created by KCK (key confirmation key).

    Now let’s say using aireplay we capture the handshake and CAP file is stored offline.

    Aircrack brute force will create a virtual AP and Client in our PC and they will do the 4 way handshake but here each time a new MIC (password from brute force file) will be used to compare with actual MIC in CAP file. Once the password matches bruteforce will show the password.

    Quora guy explained even in more detail. Check out his answer

  8. @gameon, I also have the same question, can you link to the Quora answer?
    Also, I understand all 4 messages but I don’t see how both ends apply the “PRF”. The post says “PRF is a pseudo-random function which is applied to all the input.”, but they are lot’s of them, how do they know what pseudo-random function to use for the given inputs.

    Great article, thanks and keep it up!

  9. hey can anybody help me out , i want to know that do wep also used 4 way handshake. I know that wpa/wpa2 uses it but what about “wep”.

  10. When do the EAPOL_START message is send from supplicant to AP? Is it immediately after the the authorization and association? Does all devices send EAPOL_START?

  11. My Question is , how MIC value is calculated in 3 Msgs (Msg2-4) and validated at opposite ends ? If any new client joins the BSS , Will AP generate new GTK and shared with all clients or already cretaed GTK shared to the new client ?

Leave a Reply

Your email address will not be published.