Speed issue with WPA2
#1
Hello,

New to hashcat I have a couple of questions for which I could not find answers.

1. I am trying to hash a WPA2 coming from a .hccapx (part of a CTF challenge) and I encounter some speed issues.
Standard speed is said to be at 1190.5 kH/s, but here is what I have with a MacbookPro :

* Device #1: Intel(R) Core(TM) i7-xxxxx CPU @ 2.30GHz, skipped.
* Device #2: HD Graphics 4000, 384/1536 MB allocatable, 16MCU
* Device #3: GeForce GT 650M, 128/512 MB allocatable, 2MCU

Speed.Dev.#2.....:     2817 H/s (9.78ms)
Speed.Dev.#3.....:     4641 H/s (6.00ms)
Speed.Dev.#*.....:     7459 H/s

Masks or dictionary attack both keep speed at these values.
Switching to CPU+GPU with -D slightly increase the total speed to 12000 H/s but it is still 1k magnitude less than what it should be. I know a Macbook is not appropriate for hash but still, seems way to low. What could be the reason ? 


2. Meanwhile I firstly thought the encryption was WPA/PSK so I used the -m 2501 hash type but in Mask attack, all my masks are said to be "smaller than the minimum password length" although they have at least 9 characters. Should I provide something else to hashcat to hash PSK ?


3. Besides, I have over 500 hundreds lines in my .hcmask file. The estimated time is "1 days 20 hours" days for all. When I only use one line in the mask file, the estimated time stays the same. Does it only take into account the current guess.queue as if it was the only one ? (Same with Progress which seems to be related to the current guess.queue only)


Thanks for your help,

Nay
Reply
#2
1. do your masks have a static prefix? are you using rules with the wordlist?
2. 2501 WPA PMK, not WPA PSK. If you don't know what PMK means you don't need it.
3. estimated time is only for the mask being processed right now
Reply
#3
it could also be that you are cracking multiple networks.

For instance if the status line doesn't say:
Code:
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts

... if there isn't the x/1 digest and x/1 salts, it means that several networks/salts are tested (within the hccapx).

you wrote that
Quote:Standard speed is said to be at 1190.5 kH/s
... there is no such thing as standard speed. furthermore over 1MH/s sounds too much for a normal cracking rig @ -m 2500 = WPA/WPA2. I think you are mixing up hashing algorithms or something like this
Reply
#4
Thank you both for your reply.

@undeath
- I used a lightly modified version of a ipv4 mask made by Royce and suggested by you times ago : http://pastebin.com/4HQ6C8gG
- Thanks for other clarification

@philsmd
- I indeed have that line Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
- My mistake then, I found a post saying so, I should have checked myself
(https://security.stackexchange.com/quest...to-hashcat)

In the overall, what would be a usual range of H/s I should get with the WPA hash ?
Reply
#5
given your low-end hardware the numbers you see seem plausible.
Reply
#6
Ok thank you
Reply