I'm very familiar with all the things you're referring to.

In this case I believe you're confusing packet sniffing to determine a WAP key (or maybe a WPA key) by listening to OTA header/tailer info to determine the key. There's nothing really comparable in Military grade encryption especially at AES 256+ which is what we're talking about here.

Most encryption including this type requires some sharing of code to establish synch, this is called a preamble. a few bits of the key are shared (obviously with the same device algorithm or "black" at each end). And I've run out of steam to explain any more of that process, Google it.

I'll give you the best vector in, but honestly if I can't break it with everything at my disposal you've got no chance.

Occasionally radios in the network will lose their code fill, in a dynamic environment OTAR (over the air rekeying) is possible.

Say for instance you had a team on the net dump codes because they thought they were being overrun but somehow they fight back and re-establish their position. In this type of instance ( where you need to get a team back in the net) there are hard coded keys that are by their very nature able to be compromised through over use.

So...if you listen to the control channel here at 860.9375 for centuries, and they OTAR radios all day long for a hundred years or so, you may indeed catch the key fill, assuming you also have a super cluster of PS3's in your basement you can shift from bit mining to sifting for a key.

Fat Dave's cocktails are responsible for this rambling post, and they're ok with that :)