Deprecated — use 22000

WPA EAPOL — Hashcat Mode 2500 (Deprecated)

TL;DR — Mode 2500 was the original Hashcat target for WPA/WPA2 EAPOL handshakes, using the .hccapx file format. It was deprecated in Hashcat 6.0 (2020) in favour of mode 22000. Same underlying cryptography (PBKDF2-HMAC-SHA1, 4096 iterations); different hash encoding. New captures should use 22000.

Why mode 2500 was deprecated

Mode 2500's .hccapx format was a tightly-packed binary structure that grew problematic for multi-handshake captures and PMKID integration. Mode 22000 introduced a text-based format (.hc22000) that's more flexible and accepts both EAPOL and PMKID.

From Hashcat 6.0 onwards, mode 2500 still works but is marked deprecated. New tooling defaults to mode 22000.

Cryptographic equivalence

Despite the format change, the underlying cryptography is unchanged: PBKDF2-HMAC-SHA1 with 4096 iterations, SSID as salt, AES-CCMP for transport. Recovery throughput on the same hardware is identical between modes 2500 and 22000.

If you have a legacy .hccapx file and want to use modern tooling, hcxhashtool can convert it to .hc22000 format losslessly.

When you might still encounter mode 2500

Older captured handshakes stored as .hccapx files; old documentation and tutorials; legacy automation scripts. Convert to mode 22000 for new work.

Frequently Asked Questions

Should I use mode 2500 or 22000?

Always 22000 for new captures. Mode 2500 still works but is deprecated. Convert legacy .hccapx files to .hc22000 format with hcxhashtool.

Is recovery time different?

No. Same cryptography, same throughput. Only the hash file format differs.

Can hashcat still process .hccapx files?

Yes — mode 2500 remains supported for backward compatibility. New versions emit warnings recommending mode 22000.

Related references

m22000Modern unified format m22001PMK pre-computed

Have a handshake to recover?

Upload your .hc22000 (or .pcap/.cap/.hccapx and we'll convert) for a free analysis. Pay only if recovery succeeds.

Run a free WPA analysis