Moscrack Imagined Frequently Asked Questions (iFAQ)
Ryan Babchishin 2015-09-12

Q: iFAQ??
A: Since nobody asked, I've answered questions that I imagine people might ask. I think 
   some other people do this too, but they pretend it's a real FAQ.

Q: Why was Moscrack created?
A: I created Moscrack for two reasons. 1. As an educational endeavour to improve my programming skills 
   and to find a way to put a cluster of computers to work doing something reasonably worthwhile. 
   I chose key cracking because there appeared to be an interest in the community and because it requires 
   siginificant CPU resources. 2. I wanted to create my first GPL application and make it freely
   available so that I could give back to the OSS community.

Q: Do I need Mosix to use Moscrack?
A: No. Moscrack can use SSH, RSH and Pyrit connectivity as well.

Q: Do I need shared storage to use Moscrack?
A: No. Moscrack can either use shared storage or it can copy files to the nodes when required.

Q: Is there an advantage to using Mosix rather than the other methods?
A: Some. Mosix may take less time connecting to nodes or copying files. Mosix support is really for 
   people who already have a Mosix cluster and want to crack WPA keys on it. I don't recommend
   installing Mosix unless you really want the extra edge. The installation process is quite involved
   and requires recompiling your kernel. Apparently the newer versions of Mosix don't require
   a kernel recompile, but I haven't tested it with Moscrack yet.

Q: What's the best thing I can do to make Moscrack faster?
A: Reduce overhead. Run moscrack --tune and see what nodes have the most overhead. Overhead is the 
   time that Moscrack spends doing things besides actually cracking keys. Connecting to nodes, logging in
   exchanging SSH keys, copying files, cleaning up, etc... all count as overhead. A gigabit ethernet 
   network, direct attached shared storage and very fast Mosix nodes would likely provide the
   best results. Increasing the run time or chunk size will also help reduce the overhead at the cost
   of reduced feedback from Moscrack and amplification of errors/failures. If you have a large cluster
   try to use a high end machine as your Moscrack server so that it doesn't become a bottleneck.

Q: How do I use CUDA or OpenCL with Moscrack?
A: There are two ways. Enable the Pyrit plugin or install aircrack-ng-cuda and adjust the "aircrack" setting
   in moscrack.conf. The details on setting up those tools and the CUDA/OpenCL drivers are beyond the
   scope of this document.

Q: Isn't Pyrit better than Moscrack?
A: No, it's just different. Moscrack does many things differently than Pyrit and has different features.
   I developed Moscrack to meet several needs I had that Pyrit couldn't provide. View the list
   of Moscrack's features on the website at and decide if it's right for you.
   Moscrack can take full advantage of Pyrit's attack_passthrough, OpenCL, CUDA, multi-core and
   multi-node features via the included Pyrit plugin.

Q: Doesn't having a cluster eliminate the need for something like Moscrack?
A: No. From what I can tell, the Linux clusters available today cannot improve the performance of threaded 
   applications like aircrack-ng and Pyrit. They either don't support threads or they migrate threads 
   together as a single process to a single node. Moscrack also offers error checking, reprocessing on
   error, checkpoint/resume and many other features that are not likely to be available through 
   standard clustering software. 

Q: Couldn't Moscrack do more than crack WPA handshakes?
A: Yes. I've put a lot of work into a plugin framework that will allow just that. I've already
   created a plugin called Dehasher, that uses a utility that I wrote in C to compare/crack
   Unix password hashes in much the same way as WPA. Pyrit support has also been moved into
   a plugin. I intend to write more plugins once I've looked around and decided what's best. 
   I fully encourage user created plugins and I am happy to either include them with Moscrack
   or make them available on the Moscrack site if submitted.

Q: Why does Moscrack leave aircrack-ng processes running on nodes if I hit CTRL-C?
A: I'm not sure. It's something specific to SSH and every implementation of an SSH
   client that I have tried encounters the same issue. I believe there is no way to
   work around it. The processes will end on their own and new processes started by
   Moscrack kill the old processes before starting. This has no effect on the performance
   or reliability of Moscrack but it does slightly increase overhead.

Q: Why does Moscrack support RSH?
A: Because RSH is a very old and very standard protocol. It is also much simpler than SSH, so it has
   lower overhead. However in my testing, I have not seen a performance difference between the two.
   Theoreticaly, it should be faster and more widely supported than SSH. At the very least, it gives
   users another connectivity option.

Q: Does Moscrack work with (insert OS here)?
A: Moscrack itself will likely work on any Unix variant like Linux, Solaris, OSX, FreeBSD but I've
   only tested it on Linux. As a node, probably. I've documented several operating systems that have 
   been tested to work with Moscrack as nodes. Any Unix variant that can run aircrack-ng will very likely
   work just fine. Moscrack works with Windows nodes if you install Cygwin

Q: Does my network/link speed matter?
A: Somewhat. A slow link will result in slow file transfers, however once a chunk makes it to the node
   cracking is full speed. Compression can be used with SCP and Mosix connectivity methods, so that 
   can help with really slow links. Chunks are not really that big unless you set an unreasonable value,
   so even a 56k modem link could be fast enough in many cases. Since connectivity is done in parallel,
   a slow node will not interfere with other faster nodes.

Q: What are the system requirements for Moscrack?
A: Nodes can be anything, with low memory and disk space. The Moscrack server should be a reasonable machine
   that can handle a number of processes (1 per node) and all of the activity that they generate. I test 
   everything on a Core2Quad Q6600 2.4Ghz w/ 4GB RAM. On my system, Moscrack uses very few resources.

Q: How does Moscrack calculate it's performance?
A: Moscrack start's a timer at launch (look for "Starting timer") and calculates it's performance in 
   words/second when nodes finish chunks. This is the actual speed over time, not an up to the moment
   performance indicator. For example, if the cluster has nodes added the speed will not immediately 
   increase in direct proportion to the new nodes performance, but rather relative to the performance 
   from the start.

Q: What is "10Min" that mosctop displays?
A: mosctop sets a timer and after 10 minutes it calculates the speed of your cluster. This gives a more
   up to date view of Moscrack's performance rather than the performance from the start value that
   Moscrack normaly displays. i.e. This is how fast moscrack was in the last 10 minutes.

Q: Can I use the Moscrack server as a node?
A: Yes, just add it to your nodes.dat file. Moscrack will connect to the local machine just like any other node.
   There is a node type "local" that you can use for this that will localy execute the process without
   any network protocols or file copying.

Q: Can I add the same node more than once to my nodes configuration?
A: Yes, but not with the same host name. Moscrack keeps track of nodes by name and having more than one with
   the same name would just not work. You can added entries to /etc/hosts to give your node aliases or
   change your DNS configuration to convince Moscrack to use a node more than once. Keep in mind that
   it's possible that running multiple processes could overwrite/delete files that belong to eachother
   and it is likely a bad idea to try this.

Q: Do I really need to "tune" my nodes configuration?
A: No you don't. Tuning determines the speed of all of your nodes. With that information, Moscrack can
   offer certain extra features that are not absolutely required. Node prioritization, hang detection,
   auto chunk size, multi-chunk size, etc... all require this information be valid. If you turn those all 
   off and set all of your nodes to the same numeric value, things will still work. If you have nodes 
   that are drasticaly different speeds, try to set a number that indicates how much faster one node is
   compared to another. Ex. 2 for dual core, 1 for single core, etc... to at least get adequate multi-chunk
   values and node prioritization. Alternatively if you have an idea how fast your machines are, you can set 
   approximate values if you like. You'll be ok to enable all features as long as you are close.

Q: What's this dynamic node configuration thing?
A: Without going into too much detail - you can think of it like DHCP. Moscrack nodes send a broadcast
   message occasionally and the Moscrack server answers them with what they need to function as nodes.
   In the process, the Moscrack server records the node in the node list and sets an expiry time
   (like a DHCP lease). The node is valid and will be used, until it expires. If the node is working
   properly, it will not expire as it keeps sending updates at a regular interval.

Q: What is the Moscrack Live CD for?
A: The live CD boots SUSE Linux on a computer without touching the hard drive. It has everything
   needed to act as a node immediately. It runs moscc (dynamic node configuration client)
   so you don't even have to login to it. How great is that? Boot and walk away. It does not
   have Moscrack on it, that needs to be installed on another server by you.

Q: How do I use an SSID with with a space in it?
A: I've been told by a user that triple escaping the space works. Like this: "Space\\\ Man". This
   is a known bug and will eventually be fixed (low priority).

Q: Moscrack has bugs or problems, why don't you fix them?
A: Because I don't know about them or don't think they matter. You should tell me :).

Q: When will there be a stable release of Moscrack?
A: I will keep Moscrack in beta until I can get someone to help me go over everything. Moscrack needs to
   be scrutinized in various areas like ease of use, ease of installation, quality of documentation,
   bugs, performance, etc...

Q: How do I contact you?
A: There are various methods of contacting me that can be accessed via the SourceForge project page.
   Try this:

Q: What's SVN? 
A: SVN is a source code repository that I use for developing Moscrack. The latest changes to Moscrack 
   are always there, up to the minute. If you don't want to wait for the next release, you can
   try the development version from SVN. 
   You can get it here: