Yes, it is still possible to decrypt WPA if you know the password and capture the beginning of the users' session. You can also spoof a de-auth to cause a user to reconnect if you weren't present for the start of their session.
This doesn't address problems with arp-spoofing, fraudulent DHCP servers or fraudulent access points, but it does raise the bar in the complexity of the attack.
HTTPS with a valid signed certificate would still be necessary to deal with the other attacks. Or maybe a VPN connection to a network you trust.
1 comment
[ 4.8 ms ] story [ 12.8 ms ] threadThis doesn't address problems with arp-spoofing, fraudulent DHCP servers or fraudulent access points, but it does raise the bar in the complexity of the attack.
HTTPS with a valid signed certificate would still be necessary to deal with the other attacks. Or maybe a VPN connection to a network you trust.