How to configure mask attack
I'm trying to do a mask attack on a WPA hash, as described here . How do I set it up to try all lowercase alphanumeric characters and a password of 1-8 characters? And what kind of performance can I expect on a Nvidia GTX285 (Windows 7). Currently I'm getting about 13k/sec with the newest driver (310.70). Thanks
define a custom charset that contains both loweralpha and digits, then build your mask with that custom charset. e.g.,

-1 ?l?d ?1?1?1?1?1?1?1?1

you can expect it to be slow as dogshit.
Thanks. Now one more stupid question, I presume that if I have multiple WPA hashes in a single file, hashcat will try each password on all hashes simultaneously? How do I get all the hashes in the same file? When I use the -J option in aircrack-ng I can only export one handshake at a time. Is there a way to combine the hashes from multiple .hccap files to one?
hccap files can only contain one handshake. It's impossible to crack more than one handshake using -plus, unless you run more than one instance (with different hccap files).

I don't know how to tell aircrack-ng what handshake to convert, but I think you can work something out using pyrit.
I see. Converting each handshake to hccap from one airodump file is no problem, I just hoped there was a more efficient way to crack the hashes than to run them one at a time. But thanks anyway Smile
This is simply not possible because of the salt (ESSID) that is used by WPA/WPA2.