Some sites say that the PTK is used for encrypting the data between the client and the WAP while others say that the PMK is used instead. Which one is true?
From what I understand, this can have very different security implications. If PTK is used, then the key used for encryption will be different for each user even though the passphrase is the same.(Due to differences in the Snonce and Anonce) If PMK is used instead, then compromising one key will automatically lead to a compromise of all clients in the same network, since they all share the same PMK. Of course this only applies to WPA-PSK and not WPA-Enterprise,since every client submits its own credentials in the latter.