I was wondering, what is the algorithm for cracking a WPA password?
OK, I found some information.
When the client wants to connect, it sends a request. The AP returns a "challenge" text, which is later returned encrypted with the pass-phrase from the client. The AP returns a "greeting" message if the text is encrypted with the correct pass. And then they start the session.
And this is the so-called 4-way handshake.
So what we need is the challenge text and the encrypted text. And as the encryption is one-way, there is no way to decrypt the text.
This is why the only method that can be used is brute force. Each possible combination is encrypted and the two encrypted texts are compared. If there is a match, the tested pass is the one being searched for.
As we know, there are billions of billions of billions of possible pass-phrases, and this is why dictionaries are used.
So the only thing I need to know is what programs like aircrack and cowpatty do. What encryption method is used? How is the .cap file read?
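The expensive step behind every guess in the brute-force loop described above is the WPA-PSK key derivation, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations; the added example below (not code from the post or from aircrack/cowpatty) implements that derivation, measures how many candidates a single CPU core can test, and turns that rate into expected search times for a few passphrase shapes, which is the defender's view of why dictionaries rather than exhaustive search are used. The SSID "HomeNetwork" and the passphrase classes are constructed for illustration; the known-answer vector in the test is the one from IEEE 802.11i Annex H.

```python
import hashlib
import time

# WPA/WPA2-PSK derives the 256-bit Pairwise Master Key (PMK) from the
# passphrase with PBKDF2-HMAC-SHA1: salt = SSID, 4096 iterations, 32 bytes.
# Every candidate in a dictionary or brute-force run has to repeat this
# step before anything captured from the 4-way handshake can be checked.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a passphrase/SSID pair."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, dklen=PMK_LEN)


def guesses_per_second(ssid: str, samples: int = 50) -> float:
    """Measure how many PMK derivations one CPU core manages per second."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i}", ssid)  # constructed throwaway candidates
    return samples / (time.perf_counter() - start)


def expected_search_seconds(alphabet_size: int, length: int, rate: float) -> float:
    """Expected time to hit a uniformly random passphrase of the given shape:
    on average half the keyspace must be tried, divided by the guess rate."""
    return (alphabet_size ** length) / 2 / rate


if __name__ == "__main__":
    rate = guesses_per_second("HomeNetwork")  # constructed SSID
    print(f"{rate:.0f} PMK derivations/s on one CPU core")
    # GPU rigs are several orders of magnitude faster than one core, so
    # treat these figures as a lower bound on attacker capability.
    shapes = [("8 lowercase letters", 26, 8),
              ("8 mixed-case + digits", 62, 8),
              ("12 mixed-case + digits", 62, 12),
              ("5 words from a 7776-word list", 7776, 5)]
    for label, alphabet, length in shapes:
        years = expected_search_seconds(alphabet, length, rate) / (86400 * 365)
        print(f"{label:32s} ~{years:.3g} years")
```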