> That's pretty simple: don't accept DEAUTH packets from strangers.<p>Doesn't that basically enable stuck sessions? Unless you've got a perfect, proven session recovery system that can work with any amount and selection of dropped / error frames, you'll need a way to say "I don't know what's going on, let's start again". With TCP you simply drop the connection and start again. With Wifi, what's the solution?<p>> This can be achieved using key derivation functions like PBKDF2 or Scrypt.<p>Yeah... no. That simply moves the cracking from the "crack the passphrase" to "crack the resulting hash" scenario. We're already at that stage and that's what's currently broken in attacks on the downgrade to RC4. It doesn't matter what the original passphrase was.<p>> The problem exists because WPA2 has a fatal cryptographic flaw which allows the derivation of the master key which is shared across all connected peers.<p>Only in WPA2 personal. At this point I give up. This is not a proposal... It's more of a rant about the current state of things.