hashcat Forum

Full Version: oclHashcat-plus v0.06 - use all handshakes
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
If we have several handshakes of the same network inside one capture, does oclHashcat-plus check them all like pyrit with --all-handshakes option or just one?
wait, oclHashcat-plus does not handle the handshakes inside the .cap file. it just cracks them. thats why you have to convert them before.

to your question: i am not very experienced with aircrack-ng, but if its possible to select a specific handshake to export, this can result in the same as --all-handshakes by exporting multiple and running oclHashcat-plus on multiple handshakes several times.
(11-01-2011, 10:45 AM)atom Wrote: [ -> ]wait, oclHashcat-plus does not handle the handshakes inside the .cap file. it just cracks them. thats why you have to convert them before.

to your question: i am not very experienced with aircrack-ng, but if its possible to select a specific handshake to export, this can result in the same as --all-handshakes by exporting multiple and running oclHashcat-plus on multiple handshakes several times.

Thank you for your response.

The capture may contain several handshakes of the same network. Some of them may be bad (it is a wireless network, so it is not reliable and so on). Selecting just one handshake for each attack cycle will require N dictionary cycles to work out all handshakes (where N is the number of handshakes), while attacking all available handshakes at the same time will require less time because the bottleneck is computing the PMK, not comparing results, right?

Pyrit maintainer has the same opinion (see attack_passthrough section of http://pyrit.wordpress.com/page/5/ )

So the question is: is .hccap file format capable of handling several handshakes of the same network?
It will be very impressive to attack all of them at the same time without loss of performance.

i had the same thoughts when writing the wpa kernels. so i talked to aircrack-ng developer misterx and he said you should use the "wpaclean" utility before converting the .cap to .hccap. this wpaclean utility automatically sorts out a single but clean wpa handshake into an outfile. this file should be used when running aircrack-ng in -J mode to convert it to .hccap
Thanks, I will check it.