This is a static archive of our old Q&A Site. Please post any new questions and answers at

Confused about how the 4-way handshake actually works


I captured the handshake and found the password using the brute-forcing tools of Kali Linux. Now I am interested in how it works, so I did the following steps:

  • Generated the PMK from the PSK and SSID using an online calculator
  • Generated the PTK using an online HMAC-SHA-1 calculator from the following input:
  • Data = Min_MAC Address, Max_MAC Address, Min_Nonce, Max_Nonce
  • Key = PMK
  • From which I get a 384-bit PTK
  • This PTK is divided into three parts (KCK, KEK, TK)
  • Encrypted the KCK with the KEK using AES-128 in an online calculator, where:
  • Data = KCK
  • Key = KEK
  • That KCK should match the MIC I found using Kali Linux tools (the MIC of the second packet of the handshake), but it is not the same

Now the question is: what did I miss here? Please help me, I'm so tired.

asked 28 Jul '17, 03:59

Aziz88


edited 28 Jul '17, 04:18

sindy
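
The derivation chain the question walks through, as an added example that is not part of the original post: under IEEE 802.11i the PTK comes from the iterated PRF-384 rather than a single HMAC-SHA-1 call, and the message 2 MIC is an HMAC-SHA-1 keyed with the KCK over the EAPOL frame with its MIC field zeroed (key descriptor version 2 assumed). The function names and the message-2-shaped frame are constructed for illustration and are not taken from a capture.

```python
import hashlib
import hmac

MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce, nbytes=48):
    """PRF-384: HMAC-SHA1 in counter mode over label || 0x00 || data || counter."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for counter in range((nbytes + 19) // 20):  # 3 blocks of 20 bytes for 48
        msg = b"Pairwise key expansion\x00" + data + bytes([counter])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:nbytes]

def split_ptk(ptk):
    """KCK keys the MIC, KEK wraps key data (e.g. the GTK), TK protects traffic."""
    return ptk[:16], ptk[16:32], ptk[32:48]

def eapol_mic(kck, frame):
    """HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def build_sample_message2(snonce, kck):
    """Constructed message-2-shaped EAPOL-Key frame with its MIC filled in."""
    key_data = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x00" + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16)
            + len(key_data).to_bytes(2, "big") + key_data)
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]

def mic_is_valid(passphrase, ssid, ap_mac, sta_mac, anonce, snonce, frame):
    """The check the authenticator performs on message 2 of the handshake."""
    ptk = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    kck, _kek, _tk = split_ptk(ptk)
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])
```

The KEK plays no part in the MIC; it is only used to wrap key data in later handshake messages.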