Hash Mode question
#1
Hello,
in the hash mode parameters list I see these:
 2500 | WPA-EAPOL-PBKDF2 | Network Protocols
 2501 | WPA-EAPOL-PMK    | Network Protocols
16800 | WPA-PMKID-PBKDF2 | Network Protocols
16801 | WPA-PMKID-PMK    | Network Protocols


What are the differences between them?
I used to get a WPA handshake in a .cap file with aircrack (disconnecting a user and waiting for his reconnection), convert it to a .hccap file and then run hashcat with hash mode 2500.
Are some of these hashes easier/harder to get/crack?
Thank you.
#2
PMK modes are for SSID-specific lookup tables (poor man's rainbow table) and are generally only useful in very specific circumstances.

PMKID is a slightly different attack on WPA that is generally more robust but does not work with every router. For more info see here: https://hashcat.net/forum/thread-7717.html

Don't use aircrack. hcxtools are much more robust for capturing and extracting relevant data.

hccap is old and deprecated; a successor format is hccapx. The next stable version of hashcat (>5.1.0) will replace hccapx with a text-based format.

Also see ZerBea's answer here: https://hashcat.net/forum/thread-9089.html
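The split between the -PBKDF2 and -PMK modes discussed in this thread follows from how WPA/WPA2-PSK derives its keys. The sketch below is an added example, not part of the thread or of hashcat's code. It uses the derivation from IEEE 802.11i, which the posts do not spell out; the MAC addresses and the second SSID are constructed sample values.

```python
import hashlib
import hmac
import time

PBKDF2_ROUNDS = 4096  # fixed by the WPA/WPA2-PSK key derivation
PMK_LEN = 32          # the PMK is 256 bits


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID is the salt, so a stored PMK is only valid for one SSID.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), ssid.encode(), PBKDF2_ROUNDS, PMK_LEN
    )


def mac_bytes(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or dash-separated) into 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return raw


def compute_pmkid(pmk: bytes, ap_mac: str, sta_mac: str) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || STA MAC)."""
    msg = b"PMK Name" + mac_bytes(ap_mac) + mac_bytes(sta_mac)
    return hmac.new(pmk, msg, hashlib.sha1).digest()[:16]


if __name__ == "__main__":
    # Constructed sample values, not taken from any capture.
    ap, sta = "02:00:00:00:00:01", "02:00:00:00:00:02"

    t0 = time.perf_counter()
    pmk = derive_pmk("password", "IEEE")   # the step -PBKDF2 modes perform
    t1 = time.perf_counter()
    pmkid = compute_pmkid(pmk, ap, sta)    # the only step -PMK modes perform
    t2 = time.perf_counter()

    print("PMK  :", pmk.hex())
    print("PMKID:", pmkid.hex())
    print(f"PBKDF2 step {t1 - t0:.6f}s, HMAC step {t2 - t1:.6f}s")
    # Same passphrase under another SSID gives an unrelated PMK.
    print("other SSID:", derive_pmk("password", "ExampleNet").hex())
```

Nearly all of the per-candidate cost is in the PBKDF2 step, and the SSID is its salt, so a PMK is valid for exactly one network name.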