12-09-2012, 06:14 PM
I think quite a few people are worried about asking for help testing their WPA protected wifi networks because they are concerned about making the MAC address of the AP and client publicly available.
I understand there is a way for people to find the physical location of the AP using Google or similar.
I wonder if this request may help with this problem?
Atom, would it be possible for you to make a feature in hashcat-plus or a standalone tool to encrypt the .hccap file? The idea is this special new feature would allow the user to make their .hccap file as normal but then encrypt it using hashcat-plus so they can then freely distribute it publicly.
People offering to help crack will also have the new version of hashcat-plus (with this feature). They would accept the "secure.hccap" file, decrypt it (automatically and internally within hashcat-plus) and start work cracking it as normal. The helpers have no knowledge of the password to open the .hccap file.
Obviously the feature where the user can see the MAC would be obscured. This way the person who captured the .hccap can feel able to distribute it knowing that people helping cannot ever see the MAC addresses. When the password is found only the password is displayed.
The only problem I can think of is if someone could view what was happening in RAM and so see the MACs. However, I am not sure how that is possible with GPU RAM so I will hope someone more knowledgeable than me will answer that.
I suppose a further enhancement to this would be that the ESSID is also hidden.
I guess the encryption could be to a hashcat-plus GnuPG public key and the secret key would be within the hashcat-plus binary?
Thank you.