Mode 22000 format question
#4
Yes, you're absolutely right, when you mention the different variants and formats of WPA. Compared to md5 or sha1, EAPOL message pairs and PMKIDs of a network are not unique. These hashes depend on the current session to secure the traffic. That will lead to many, many different hashes on a single network, because every connection attempt will result in a new hash. This will increase the size of the hash files and the outfiles enormously. Luckily the PMK on a network is static. As long as the admin doesn't change ESSID (SALT) or PSK, the PMK will be the same on this network. The calculation of a PMK by PBKDF2 is very GPU cycle intensive.
If you take a look at the potfile, you'll see exactly the result of the PBKDF2 calculation (all parameters to reproduce it: HASH, SALT, PASSWORD). You can try wlangenpmk (-e -p) to verify the hash.
It will save much GPU time if you set your focus on the PMK, because the PBKDF2 calculation was already done. On networks running the same ESSID you will get the results for the "price" of one (PBKDF2 calculation). The same applies to different networks using the same ESSID if you captured a PMKID from the first network and an EAPOL message pair from the second network. In that case you will also get 2 results for the "price" of one calculation.
This verification/evaluation/calculation is running in the background on wpa-sec (https://wpa-sec.stanev.org/?). It is extremely fast.
It would be great to see this in Hashtopolis, too.

BTW:
The source is here:
https://github.com/RealEnder/dwpa

Stay healthy
cheers
Mike

Interested in more? Discussion is moved to this place:
https://github.com/s3inlc/hashtopolis/issues/678
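The point made above, that the PMK is fixed per (ESSID, PSK) while every PMKID and EAPOL pair derived from it differs, as an added example that is not part of ZerBea's post or of dwpa/hashtopolis. It uses the standard WPA2-Personal derivations (PBKDF2-HMAC-SHA1 for the PMK, HMAC-SHA1 truncated to 128 bits for the PMKID) and the IEEE 802.11i test vector ESSID "IEEE" / passphrase "password"; the MAC addresses and the `PmkCache` helper are constructed for illustration.

```python
import hashlib
import hmac


def pmk_from_psk(essid: str, psk: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1 with the ESSID as salt,
    4096 iterations, 32-byte output. This is the expensive step."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), essid.encode(), 4096, 32)


def pmkid(pmk: bytes, mac_ap: bytes, mac_sta: bytes) -> bytes:
    """PMKID per IEEE 802.11: first 128 bits of
    HMAC-SHA1(PMK, "PMK Name" || AP MAC || station MAC). Cheap, and it
    changes with every client, which is why PMKIDs are not unique per network."""
    return hmac.new(pmk, b"PMK Name" + mac_ap + mac_sta, hashlib.sha1).digest()[:16]


class PmkCache:
    """Hypothetical cache: one PBKDF2 run per (ESSID, PSK), reused for every
    PMKID or EAPOL pair captured on networks sharing that ESSID."""

    def __init__(self) -> None:
        self._pmks: dict[tuple[str, str], bytes] = {}
        self.pbkdf2_calls = 0

    def get(self, essid: str, psk: str) -> bytes:
        key = (essid, psk)
        if key not in self._pmks:
            self.pbkdf2_calls += 1
            self._pmks[key] = pmk_from_psk(essid, psk)
        return self._pmks[key]


def demo() -> tuple[int, list[bytes]]:
    """Two APs with the same ESSID/PSK and two clients: three distinct PMKIDs,
    but only one PBKDF2 calculation. Returns (pbkdf2 call count, PMKIDs)."""
    cache = PmkCache()
    # Constructed MAC addresses, not captured data.
    ap1, ap2 = bytes.fromhex("000c29abcdef"), bytes.fromhex("001122334455")
    sta1, sta2 = bytes.fromhex("aabbccddeef0"), bytes.fromhex("aabbccddeef1")
    pairs = [(ap1, sta1), (ap1, sta2), (ap2, sta1)]
    ids = [pmkid(cache.get("IEEE", "password"), ap, sta) for ap, sta in pairs]
    return cache.pbkdf2_calls, ids


if __name__ == "__main__":
    calls, ids = demo()
    print(f"PBKDF2 runs: {calls}; PMKIDs: {[i.hex() for i in ids]}")
```

The same PMK is what the potfile entry lets you reproduce: recomputing `pmk_from_psk` from the stored ESSID and password and comparing it to the derivation is exactly the check wlangenpmk performs.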


Messages In This Thread
Mode 22000 format question - by s3in!c - 12-20-2020, 04:10 PM
RE: Mode 22000 format question - by ZerBea - 12-20-2020, 06:29 PM
RE: Mode 22000 format question - by s3in!c - 12-21-2020, 06:46 PM
RE: Mode 22000 format question - by ZerBea - 12-21-2020, 11:16 PM