[CSAIL - MIT]: New Wi-Fi security method does not require password

TL;DR: wireless communications can be attacked by injecting partial packets into the wireless stream. An attacker just needs a higher-power transmitter. They propose adding a second signature using on-off keying because an attacker can't simulate an "off".<p>First of all, it's not true that a jammer can't simulate silence. It's tricky and requires phase locking with accurate propagation delay estimates to the receiver, but possible.<p>It also does nothing against a relay attack where the client can't hear the server directly. For example, I could relay the wireless AP from two rooms over so you'd connect to that one entirely through my relay.

There is a way to do smart card authentication to a LAN,where you would not be required to enter a password to connect and everything would be wpa2 encrypted. I implemented it before in a MS environment. It required a ton of painful configuration. The downside, even though it worked, was that it was pretty flaky and refused to stay connected for certain users when we rolled it out. Ended up scrapping it for a wpa2+password setup with a better password than the old one.

While I think it -could- work, no 2 people could authenticate at the same time, even to different access points. That would be a nightmare for conventions.