I've been reading about the Pixie Dust attack from various sources, that provide a low-level explanation of how it works.
In the values
E-Hash1 = HMAC(AuthKey, E-S1 || PSK1 || PKE || PKR)
and
E-Hash2 = HMAC(AuthKey, E-S2 || PSK2 || PKE || PKR)
PKE and PKR are known. PSK1 and PSK2 are the first and last 4 digits of the 8-digit PIN respectively. The E-S1 and E-S2 values are supposed to be random. However, in some implementations they are generated with insecure PRNGs and can be easily guessed.
So in every description of the attack, they say that we can brute-force the PSK1 and PSK2 values and recover the PIN.
However, HMAC uses the AuthKey as secret key to generate the E-Hash values. If we don't know the AuthKey, how can we brute-force the PSK values?
I didn't find a source that incorporated the part of how the AuthKey is found. I hope that someone can shed some light on this.