Hi DKblue.
useful:
all handshakes (authenticated and not authenticated), all message_pairs (including message_pairs that need nonce-error-corrections)
valid (matching M1 and M2):
wlandump-ng asked the client to send us his M2 (we now got an M2 that matches this M1 exactly)
it isn't possible that the client's M2 doesn't match our M1
it isn't possible that there is packet loss between our M1 and the client's M2
it isn't possible that there is no password for this message_pair
this M12E2 message_pair can be used with hashcat to recover a real, "valid" password
the password may not necessarily be the correct password for that network
it is also possible that it is only a part of the correct password or a password for another network using the same ESSID or an old password for that network
so, you're right when you say a wlandump-ng "valid" handshake is 100% crackable!