Tom’s hardware is running a large YAAyWoG-story (Yet Another Article About WPA-cracking on GPUs), describing the state of the art of WPA-cracking. The article goes into quite some detail about the theory and pretty much covers all the current options regarding tools and hardware. Pyrit is used as the only example on EC2-instances as it is the only GPU-driven, Linux-capable tool currently out there. It also comes out pretty favorably at the benchmark.
I’m really impressed by the fact that despite Pyrit having cracking-capability during most of it’s lifetime far superior to coWPAtty, all articles that ever mentioned Pyrit fall back to the “Pyrit+coWPAtty” scenerio.
In case you missed it, just let me stress the fact that Pyrit does not only compute PMKs. It can also receive live data from a monitor-device, read data from a capture-file, parse the data with great accuracy and attack EAPOL-handshakes with far greater efficiency than what other FOSS-tools currently can do.
Reading the documentation really helps before writing an article.
In other news: Parsing the data and getting a good set of candidates to attack has turned out to be a very crucial part in the whole process. Any software not capable of stateful handshake-parsing is very vulnerable to false negatives. In such cases, the task of finding the correct password for a given set of wireless data is doomed by the fact that the handshake is reassembled incorrectly. In my own judgement, tools like aircrack-ng and coWPAtty fail to find the correct password – even if it’s part of the given wordlist and testable by the given data – in about 30% of all cases.