I am studying WEP protocol and more specifically fake authentication attack. Man page says
This is only useful when you need an associated MAC address in various aireplay-ng
attacks and there is currently no associated client.
Whereas the whole point of the attack is to authenticate by capturing an authentication, and retrieving from it the keystream, then from keystream, being able to create a response based on AP challenge as explained here.
So I am struggling to understand how would it be useful, as it requires first an authenticated user to de-authenticate to capture the challenge/response, and considering that man says this is only useful when there is no associated client ? What's the purpose of this attack then, apart to authenticate (and then not be able to do anything, as only 128 bytes of keystream is revealed ?)
