Wordlist cracking

Now that we've captured the handshake from our target AP and we have a wordlist ready to use, we can use aircrack-ng to crack the key for the target AP. aircrack-ng goes through the wordlist file, combines each password with the name of our target AP, and creates a Pairwise Master Key (PMK). The PMK is derived with an algorithm called PBKDF2; it is not simply a matter of joining the password and the network name together, the two are run through a slow, repeated hashing process, and the resulting PMK is then checked against the handshake. If the PMK is valid, then the password that was used is the password for the target AP; if it isn't valid, then aircrack-ng tries the next password.
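The derivation described above, written out as an added example (this is not code from the book or from aircrack-ng): WPA/WPA2-PSK derives the PMK with PBKDF2-HMAC-SHA1, using the network name (SSID) as the salt, 4096 iterations and a 256-bit output. The reference value used here is the IEEE 802.11i test vector for the passphrase "password" on the SSID "IEEE"; the wordlist is constructed for the example. One caveat the chapter glosses over: the PMK itself is never sent over the air, so a real cracker confirms a candidate by deriving the session key (PTK) from the PMK and checking the MIC on the handshake frames. This example stops at the PMK step and compares against a known PMK, which is enough to show why the work per candidate is fixed by the 4096 rounds and why a PMK computed for one SSID is useless against another.

```python
import hashlib

# IEEE 802.11i test vector (Annex H.4): passphrase "password", SSID "IEEE".
REFERENCE_SSID = "IEEE"
REFERENCE_PMK_HEX = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed wordlist for the example; the correct entry is third.
CONSTRUCTED_WORDLIST = ["12345678", "letmein1", "password", "qwertyui"]

# Parameters fixed by the 802.11i standard for WPA/WPA2-PSK.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PMK for a passphrase on a given SSID.

    The SSID acts as the PBKDF2 salt, so the same passphrase yields a
    different PMK on every network name; the 4096 HMAC-SHA1 rounds are
    what makes each candidate cost real CPU time.
    """
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PMK_LENGTH_BYTES,
    )


def find_passphrase(candidates, ssid: str, target_pmk: bytes):
    """Walk a wordlist the way the chapter describes: derive a PMK for each
    candidate and compare it with the known PMK.

    Returns (matching_passphrase, candidates_tried); the passphrase is None
    when the list is exhausted without a match.
    """
    tried = 0
    for candidate in candidates:
        tried += 1
        if derive_pmk(candidate, ssid) == target_pmk:
            return candidate, tried
    return None, tried


def pmk_is_ssid_specific(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase gives different PMKs on two SSIDs,
    which is why precomputed PMK tables only ever cover one network name."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    target = bytes.fromhex(REFERENCE_PMK_HEX)
    found, tried = find_passphrase(CONSTRUCTED_WORDLIST, REFERENCE_SSID, target)
    print(f"match: {found!r} after {tried} candidate(s)")
    print("PMK changes with SSID:",
          pmk_is_ssid_specific("password", REFERENCE_SSID, "OtherNetwork"))
```

Because every candidate costs 4096 HMAC-SHA1 rounds regardless of hardware, the only lever a defender has is the size of the search space: a long, non-dictionary passphrase puts the correct entry outside any wordlist a tool like aircrack-ng can walk through in a useful amount of time.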

We run aircrack-ng with the name of the file that contains the handshake, test-handshake-01.cap, followed by -w and the name of the wordlist, wordlist. The command is as follows:

aircrack-ng test-handshake-01.cap -w wordlist

Now we are going to hit Enter, and aircrack-ng is going to go through the list; it will try all of the passwords, and will combine each password with the name of the target AP to create a PMK, then compare the PMK to the handshake. If the PMK is valid, then the password that was used to create the PMK is the password for the target AP; if the PMK is not valid, then it's just going to try the next password.

As we can see in the following screenshot, the key was found:

This is the most basic way of using a wordlist: it took 42 seconds to crack the password. The speed depends on how fast the processor is, and on whether other processes are running that slow the computer down.
