Open ghost opened 7 years ago
Could you expand on what information is duplicated on a few of the packets? The only packet that is being captured and then completely ignored for key generation purposes is the first one, so technically there could be a mode to ignore it, but just that one.
Yep, that's the one.
In order to decrypt WPA, 4 EAPoL packets from the handshake are needed. It is fairly hard to consistently get all 4 packets, and not all 4 packets are needed since the information is duplicated in a few of the packets.
One might say we can end up with the wrong passphrase and fail decryption. However, in order to be sure the right passphrase is provided, the last EAPoL message should be present.
By default, the 4 packets should be needed, but there could be a flag (strict mode, for example) that can be toggled.
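Added example, not part of the issue thread or the project's code: a sketch that numbers EAPOL-Key frames from their Key Information flags, shows that messages 1 and 3 carry the same nonce, and reports which messages a capture still lacks. The `strict` parameter and its relaxed policy are hypothetical, the frames are constructed, and telling message 2 from message 4 by the Secure bit assumes WPA2/RSN.

```python
import struct

# Key Information flag bits of an EAPOL-Key frame (IEEE 802.11)
PAIRWISE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200

def classify(frame: bytes):
    """Return (message_number, key_nonce) for a pairwise EAPOL-Key frame, else None."""
    # 4-byte EAPOL header + 95-byte key descriptor; packet type 3 = EAPOL-Key
    if len(frame) < 99 or frame[1] != 3:
        return None
    (key_info,) = struct.unpack_from(">H", frame, 5)
    if not key_info & PAIRWISE:
        return None                      # group key handshake, not the 4-way
    nonce = frame[17:49]
    if key_info & ACK:                   # sent by the AP
        return (3 if key_info & MIC else 1), nonce
    if key_info & MIC:                   # sent by the station
        # Assumption: WPA2/RSN, where Secure is set in message 4 but not in 2
        return (4 if key_info & SECURE else 2), nonce
    return None

def missing_messages(frames, strict=True):
    """Handshake messages still needed. strict=False is a hypothetical relaxed
    mode that tolerates a missing message 1, since message 3 repeats the ANonce."""
    seen = {c[0] for c in map(classify, frames) if c}
    required = {1, 2, 3, 4} if strict else {2, 3, 4}
    return sorted(required - seen)

def build(key_info, nonce, key_data=b""):
    """Constructed sample frame: zeroed replay counter, IV, RSC and MIC."""
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(8) + nonce
    body += bytes(16 + 8 + 8 + 16) + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body

ANONCE, SNONCE = bytes([0xA1]) * 32, bytes([0x52]) * 32   # constructed values
M1 = build(0x008A, ANONCE)
M2 = build(0x010A, SNONCE, key_data=bytes(22))
M3 = build(0x13CA, ANONCE, key_data=bytes(56))
M4 = build(0x030A, bytes(32))

if __name__ == "__main__":
    print(classify(M1)[1] == classify(M3)[1])   # ANonce appears in both 1 and 3
    print(missing_messages([M2, M3, M4], strict=True))
    print(missing_messages([M2, M3, M4], strict=False))
```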