It would be much appreciated if you share your experience with us.
Hash mode 2501 (16801, 22001) doesn't make me wince.
I really love this "verification" modes and that is exactly the reason, why I explained the purpose of them to Atom and asked him to add this modes (apart from this, it was also the reason for me to code hcxdumptool and hcxtools).
That include hash mode 22000 to get full benefit of reuse of PBKDF2 over PMKID end EAPOL.
https://github.com/hashcat/hashcat/issues/1816
This are my experiences (PMK verification) on hash mode 2200x:
Please notice:
This is only a demonstration.
To save time, I used --nonce-error-corrections=0 (NC).
Due to packet loss during capturing (some of the capturing tools are not able to detect this), a few of the hashes require a higher NC to recover the PSK. Unfortunately this will increase task time, too. For a demonstration it is not worth it.
BTW:
I don't use the ancient modes 250x and 1680x any longer since Atom added 2200x to hashcat.
Hash mode 2501 (16801, 22001) doesn't make me wince.
I really love this "verification" modes and that is exactly the reason, why I explained the purpose of them to Atom and asked him to add this modes (apart from this, it was also the reason for me to code hcxdumptool and hcxtools).
That include hash mode 22000 to get full benefit of reuse of PBKDF2 over PMKID end EAPOL.
https://github.com/hashcat/hashcat/issues/1816
This are my experiences (PMK verification) on hash mode 2200x:
Code:
$ hashcat -m 22001 -w4 --nonce-error-corrections=0 hash.22000 pmk.list -o found
hashcat (v6.1.1-120-g15bf8b730) starting...
CUDA API (CUDA 11.2)
====================
* Device #1: GeForce GTX 1080 Ti, 10859/11175 MB, 28MCU
OpenCL API (OpenCL 1.2 CUDA 11.2.136) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: GeForce GTX 1080 Ti, skipped
Minimum password length supported by kernel: 64
Maximum password length supported by kernel: 64
Hashes: 699380 digests; 699380 unique digests, 221559 unique salts
Bitmaps: 17 bits, 131072 entries, 0x0001ffff mask, 524288 bytes, 5/13 rotates
Rules: 1
Applicable optimizers applied:
* Zero-Byte
* Slow-Hash-SIMD-LOOP
Watchdog: Temperature abort trigger set to 90c
Host memory required for this attack: 491 MB
Dictionary cache built:
* Filename..: pmk.list
* Passwords.: 299836
* Bytes.....: 19489282
* Keyspace..: 299836
* Runtime...: 1 sec
Session..........: hashcat
Status...........: Exhausted
Hash.Name........: WPA-PMK-PMKID+EAPOL
Hash.Target......: hash.22000
Time.Started.....: Mon Feb 22 10:52:46 2021 (34 mins, 16 secs)
Time.Estimated...: Mon Feb 22 11:27:02 2021 (0 secs)
Guess.Base.......: File (pmk.list)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 43622.5 kH/s (0.00ms) @ Accel:64 Loops:1024 Thr:1024 Vec:1
Recovered........: 686597/699380 (98.17%) Digests, 213641/221559 (96.43%) Salts
Remaining........: 12783 (1.83%) Digests, 7918 (3.57%) Salts
Recovered/Time...: CUR:21229,N/A,N/A AVG:20035,1202122,28850930 (Min,Hour,Day)
Progress.........: 66431364324/66431364324 (100.00%)
Rejected.........: 221559/66431364324 (0.00%)
Restore.Point....: 299836/299836 (100.00%)
Restore.Sub.#1...: Salt:221558 Amplifier:0-1 Iteration:0-1
Candidates.#1....: 0000000000000000000000000000000000000000000000000000000000000000 -> ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Hardware.Mon.#1..: Temp: 74c Fan: 59% Util: 76% Core:1847MHz Mem:5005MHz Bus:16
Started: Mon Feb 22 10:52:34 2021
Stopped: Mon Feb 22 11:27:03 2021Please notice:
This is only a demonstration.
To save time, I used --nonce-error-corrections=0 (NC).
Due to packet loss during capturing (some of the capturing tools are not able to detect this), a few of the hashes require a higher NC to recover the PSK. Unfortunately this will increase task time, too. For a demonstration it is not worth it.
BTW:
I don't use the ancient modes 250x and 1680x any longer since Atom added 2200x to hashcat.