The article actually does explain it. The bruteforcing speed doesn't change at a...

		palant on Aug 4, 2018 \| parent \| context \| favorite \| on: New attack on WPA using PMKID The article actually does explain it. The bruteforcing speed doesn't change at all, the same value (PMK) as before is being bruteforced. What changes is merely the approach to get it from the router - an attacker no longer needs to wait for a legitimate user to authenticate, they can ask the router themselves.

It's a little faster because of no nonce error correction shenanigans.