Handshake theory

In WPA, each packet is encrypted using a unique temporary key. It is not like WEP, where IVs are repeated, and we collect a large number of data packets with the same IVs. In each WPA packet, there is a unique temporary IV, even if we collect 1 million packets, these packets will not be useful for us. These packets don?t contain any information that can help us to determine the actual WPA key.

The only packets that contain useful information and help us to determine the key are the handshake packets. These are the four packets, and these packets will be sent when a new device connects to the target network. For example, suppose we are at home, our device connect to the network using the password, and a process called four-way handshake happens between the AP and the devices. In this process, four packets called the handshake packets, get transferred between the two devices, to authenticate the device connection. We can use a wordlist using the aircrack-ng and test each password in the wordlist by using the handshake. To crack WPA encrypted network, we need two things: we need to capture the handshake, and we need a wordlist that contains passwords.