"Yes, understood the part of the complexity between PMKID and EAPOL 4way, thank you for the explanation into how the algorithm works. My question was a bit confusing, so let me change it to this: If I had multiple PMKID hashes from the same ESSID and put them all into hashcat, it does not make the PSK crack faster, correct? In fact it would take longer?"
It would take longer. The fastest method is to take only one PMKID each NETWORK.
"The manufacturer is not there, but I do know the keyspace. I would have to take some time to figure out this tool. If I choose one of manufacturers in that tool that has the same keyspace as the router I know, will the generated wordlist be optimized or does it also do a simple bruteforce mask without taking into account probability?"
No,RKG use MAC and/or ESSID to calculate only one PSK,
"I do know the keyspace. Does hcxpsktool take into account probability of same characters appearing multiple times in the PSK candidates?"
No, hcxpsktool use use MAC or ESSID to calculate a possible key space.
The difference between RKG and hcxpsktool:
hcxpsktool will work on by hcxdumptool random generated MACs, too - RKG not.
"Also may you please provide an example of hcxpsktool for a keyspace of 10 digits?"
$ hcxpsktool --digit10
no hashes loaded
9438521860
2755437655
7948132838
...
This is the entire possible keyspace of Infinitum models.
Both tools (RKG and hcxpsktool) are based on analyzed submissions of
https://wpa-sec.stanev.org/
The same applies to hcxdumptool and hcxlabtool series.
It would take longer. The fastest method is to take only one PMKID each NETWORK.
"The manufacturer is not there, but I do know the keyspace. I would have to take some time to figure out this tool. If I choose one of manufacturers in that tool that has the same keyspace as the router I know, will the generated wordlist be optimized or does it also do a simple bruteforce mask without taking into account probability?"
No,RKG use MAC and/or ESSID to calculate only one PSK,
"I do know the keyspace. Does hcxpsktool take into account probability of same characters appearing multiple times in the PSK candidates?"
No, hcxpsktool use use MAC or ESSID to calculate a possible key space.
The difference between RKG and hcxpsktool:
hcxpsktool will work on by hcxdumptool random generated MACs, too - RKG not.
"Also may you please provide an example of hcxpsktool for a keyspace of 10 digits?"
$ hcxpsktool --digit10
no hashes loaded
9438521860
2755437655
7948132838
...
This is the entire possible keyspace of Infinitum models.
Both tools (RKG and hcxpsktool) are based on analyzed submissions of
https://wpa-sec.stanev.org/
The same applies to hcxdumptool and hcxlabtool series.