diff --git a/net-wireless/cowpatty/cowpatty-4.3-r1.ebuild b/net-wireless/cowpatty/cowpatty-4.3-r1.ebuild
new file mode 100644
index 000000000..e3a303ad5
--- /dev/null
+++ b/net-wireless/cowpatty/cowpatty-4.3-r1.ebuild
@@ -0,0 +1,29 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+DESCRIPTION="WLAN tools for bruteforcing 802.11 WPA/WPA2 keys"
+HOMEPAGE="http://www.willhackforsushi.com/Cowpatty.html"
+SRC_URI="http://www.willhackforsushi.com/code/${PN}/${PV}/${P}.tgz"
+
+inherit eutils
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 x86"
+
+IUSE=""
+
+DEPEND="dev-libs/openssl"
+RDEPEND="${DEPEND}"
+
+src_compile() {
+ epatch ${FILESDIR}/cowpatty-4.3-fixup.patch
+ epatch ${FILESDIR}/cowpatty-4.3-hashfix.patch
+ emake || die "emake failed"
+}
+
+src_install() {
+ dobin cowpatty genpmk || die "dobin failed"
+ dodoc AUTHORS CHANGELOG FAQ INSTALL README TODO dict *.dump
+}
diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-fixup.patch b/net-wireless/cowpatty/files/cowpatty-4.3-fixup.patch
new file mode 100644
index 000000000..12a866eb5
--- /dev/null
+++ b/net-wireless/cowpatty/files/cowpatty-4.3-fixup.patch
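Review bot: The two `epatch` calls sit in `src_compile`, so the tree left by the unpack phase is the unpatched upstream source and the patching is tied to the build step; this ebuild sets no `EAPI` (so EAPI 0, where `src_prepare` does not exist), and the conventional place for source patches there is `src_unpack` after `unpack ${A}`, leaving `src_compile` with only the `emake` line. Both `${FILESDIR}` expansions are also unquoted. The tarball is fetched over plain HTTP and no Manifest change appears in this diff; unless the Manifest with the tarball digest is committed alongside, the fetch has nothing to verify against, which is worth confirming before this lands.
```shell
src_unpack() {
	unpack ${A}
	cd "${S}" || die "cd failed"
	epatch "${FILESDIR}"/cowpatty-4.3-fixup.patch
	epatch "${FILESDIR}"/cowpatty-4.3-hashfix.patch
}

src_compile() {
	emake || die "emake failed"
}
# … unchanged: src_install …
```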
@@ -0,0 +1,215 @@ +diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-fixup/cowpatty.c +--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700 ++++ cowpatty-4.3-fixup/cowpatty.c 2008-10-27 20:14:56.000000000 -0700 +@@ -71,7 +71,7 @@ + void cleanup(); + void parseopts(struct user_opt *opt, int argc, char **argv); + void closepcap(struct capture_data *capdata); +-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata); ++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt); + void dump_all_fields(struct crack_data cdata); + void printstats(struct timeval start, struct timeval end, + unsigned long int wordcount); +@@ -389,7 +389,7 @@ + return (ret); + } + +-void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata) ++void handle_dot1x(struct crack_data *cdata, struct capture_data *capdata, struct user_opt *opt) + { + struct ieee8021x *dot1xhdr; + struct wpa_eapol_key *eapolkeyhdr; +@@ -415,8 +415,8 @@ + cdata->ver = key_info & WPA_KEY_INFO_TYPE_MASK; + index = key_info & WPA_KEY_INFO_KEY_INDEX_MASK; + +- /* Check for EAPOL version 1, type EAPOL-Key */ +- if (dot1xhdr->version != 1 || dot1xhdr->type != 3) { ++ /* Check for type EAPOL-Key */ ++ if (dot1xhdr->type != 3) { + return; + } + +@@ -432,54 +432,73 @@ + return; + } + } else if (cdata->ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { +- if (eapolkeyhdr->type != 2 || ++ if ((eapolkeyhdr->type != 2 && eapolkeyhdr->type != 254) || + (key_info & WPA_KEY_INFO_KEY_TYPE) == 0) { + return; + } + } + ++ if (opt->verbose > 2) { ++ printf ("WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: %d\n", WPA_KEY_INFO_TYPE_HMAC_MD5_RC4); ++ printf ("WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: %d\n", WPA_KEY_INFO_TYPE_HMAC_SHA1_AES); ++ printf ("key version: %d\n", cdata->ver); ++ printf ("eapol key header type: %d\n", eapolkeyhdr->type); ++ } ++ ++ /* Check for frame 1 of the 4-way handshake */ ++ if ((key_info & WPA_KEY_INFO_MIC) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & 
WPA_KEY_INFO_INSTALL) == 0 ) { ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ + /* Check for frame 2 of the 4-way handshake */ +- if ((key_info & WPA_KEY_INFO_MIC) && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && eapolkeyhdr->key_data_length > 0) { +- /* All we need from this frame is the authenticator nonce */ +- memcpy(cdata->snonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->snonce)); +- cdata->snonceset = 1; ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_INSTALL) == 0 ++ && (key_info & WPA_KEY_INFO_ACK) == 0 ++ && eapolkeyhdr->key_data_length > 0) { + +- } else if ( /* Check for frame 3 of the 4-way handshake */ +- (key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_INSTALL) +- && (key_info & WPA_KEY_INFO_ACK)) { ++ cdata->eapolframe_size = ( packet[capdata->dot1x_offset + 2] << 8 ) ++ + packet[capdata->dot1x_offset + 3] + 4; + + memcpy(cdata->spa, &packet[capdata->dstmac_offset], +- sizeof(cdata->spa)); +- memcpy(cdata->aa, &packet[capdata->srcmac_offset], +- sizeof(cdata->aa)); +- memcpy(cdata->anonce, eapolkeyhdr->key_nonce, +- sizeof(cdata->anonce)); +- cdata->aaset = 1; +- cdata->spaset = 1; +- cdata->anonceset = 1; +- /* We save the replay counter value in the 3rd frame to match +- against the 4th frame of the four-way handshake */ +- memcpy(cdata->replay_counter, eapolkeyhdr->replay_counter, 8); +- +- } else if ( /* Check for frame 4 of the four-way handshake */ +- (key_info & WPA_KEY_INFO_MIC) +- && (key_info & WPA_KEY_INFO_ACK) == 0 +- && (key_info & WPA_KEY_INFO_INSTALL) == 0 +- && +- (memcmp +- (cdata->replay_counter, eapolkeyhdr->replay_counter, +- 8) == 0)) { ++ sizeof(cdata->spa)); ++ memcpy(cdata->aa, &packet[capdata->srcmac_offset], ++ sizeof(cdata->aa)); ++ memcpy(cdata->snonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->snonce)); ++ cdata->aaset = 1; ++ 
cdata->spaset = 1; ++ cdata->snonceset = 1; + + memcpy(cdata->keymic, eapolkeyhdr->key_mic, +- sizeof(cdata->keymic)); ++ sizeof(cdata->keymic)); + memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], +- sizeof(cdata->eapolframe)); ++ cdata->eapolframe_size); ++ + cdata->keymicset = 1; + cdata->eapolframeset = 1; ++ ++ /* Check for frame 3 of the 4-way handshake */ ++ } else if ((key_info & WPA_KEY_INFO_MIC) ++ && (key_info & WPA_KEY_INFO_ACK) ++ && (key_info & WPA_KEY_INFO_INSTALL)) { ++ /* All we need from this frame is the authenticator nonce */ ++ memcpy(cdata->anonce, eapolkeyhdr->key_nonce, ++ sizeof(cdata->anonce)); ++ cdata->anonceset = 1; ++ ++ } ++ ++ if (opt->verbose > 2) { ++ printf("aaset: %d\n",cdata->aaset); ++ printf("spaset: %d\n",cdata->spaset); ++ printf("snonceset: %d\n",cdata->snonceset); ++ printf("keymicset: %d\n",cdata->keymicset); ++ printf("eapolframeset: %d\n",cdata->eapolframeset); ++ printf("anonceset: %d\n", cdata->anonceset); + } + } + +@@ -507,8 +526,7 @@ + printf("\n"); + + printf("eapolframe is:"); +- lamont_hdump(cdata.eapolframe, 99); /* Bug in lamont_hdump makes this look +- wrong, only shows 98 bytes */ ++ lamont_hdump(cdata.eapolframe, cdata.eapolframe_size); + printf("\n"); + + } +@@ -706,7 +724,7 @@ + } + + hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, +- sizeof(cdata->eapolframe), keymic); ++ cdata->eapolframe_size, keymic); + + if (opt->verbose > 2) { + printf("Calculated MIC with \"%s\" is", passphrase); +@@ -815,7 +833,7 @@ + } + + hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, +- sizeof(cdata->eapolframe), keymic); ++ cdata->eapolframe_size, keymic); + + if (opt->verbose > 2) { + printf("Calculated MIC with \"%s\" is", passphrase); +@@ -874,7 +892,7 @@ + 0 && (h->len > + capdata.l2type_offset + sizeof(struct wpa_eapol_key))) { + /* It's a dot1x frame, process it */ +- handle_dot1x(&cdata, &capdata); ++ handle_dot1x(&cdata, &capdata, &opt); + if (cdata.aaset && cdata.spaset && 
cdata.snonceset && + cdata.anonceset && cdata.keymicset + && cdata.eapolframeset) { +@@ -909,7 +927,6 @@ + eapkeypacket = + (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET]; + memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic)); +- eapkeypacket->key_data_length = 0; + + printf("Starting dictionary attack. Please be patient.\n"); + fflush(stdout); +diff -uNr cowpatty-4.3/cowpatty.h cowpatty-4.3-fixup/cowpatty.h +--- cowpatty-4.3/cowpatty.h 2008-03-20 09:49:38.000000000 -0700 ++++ cowpatty-4.3-fixup/cowpatty.h 2008-10-27 17:25:48.000000000 -0700 +@@ -94,7 +94,7 @@ + u16 length; + } __attribute__ ((packed)); + +-#define MAXPASSLEN 63 ++#define MAXPASSLEN 64 + #define MEMORY_DICT 0 + #define STDIN_DICT 1 + #define EAPDOT1XOFFSET 4 +@@ -166,7 +166,8 @@ + u8 spa[6]; + u8 snonce[32]; + u8 anonce[32]; +- u8 eapolframe[99]; /* Length the same for all packets? */ ++ u8 eapolframe[99]; ++ u8 eapolframe2[125]; + u8 keymic[16]; + u8 aaset; + u8 spaset; +@@ -177,6 +178,7 @@ + u8 replay_counter[8]; + + int ver; /* Hashing algo, MD5 or AES-CBC-MAC */ ++ int eapolframe_size; + }; + + struct hashdb_head { diff --git a/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch new file mode 100644 index 000000000..2ae6fcd26 --- /dev/null +++ b/net-wireless/cowpatty/files/cowpatty-4.3-hashfix.patch @@ -0,0 +1,12 @@ +diff -uNr cowpatty-4.3/cowpatty.c cowpatty-4.3-hashfix/cowpatty.c +--- cowpatty-4.3/cowpatty.c 2008-03-20 09:49:38.000000000 -0700 ++++ cowpatty-4.3-hashfix/cowpatty.c 2008-10-19 23:29:22.000000000 -0700 +@@ -202,7 +202,7 @@ + } + + /* Test that the files specified exist and are greater than 0 bytes */ +- if (!IsBlank(opt->hashfile)) { ++ if (!IsBlank(opt->hashfile) && strncmp(opt->hashfile, "-", 1) != 0) { + if (stat(opt->hashfile, &teststat)) { + usage("Could not stat hashfile. Check file path."); + exit(-1);
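Review bot: In the frame-2 branch of `handle_dot1x`, `cdata->eapolframe_size` is built from the 16-bit EAPOL body length found in the capture (up to 65535 + 4) and then handed unchecked to `memcpy(cdata->eapolframe, &packet[capdata->dot1x_offset], cdata->eapolframe_size)`, while `eapolframe` is still `u8 eapolframe[99]` in cowpatty.h; a crafted or merely oversized pcap overruns the struct, and the `u8 eapolframe2[125]` added right after it only relies on adjacent layout to absorb the spill, which is undefined behaviour rather than a bound. Right after the size is computed, reject what does not fit, `if (cdata->eapolframe_size > sizeof(cdata->eapolframe)) return;`, and replace the two arrays with one buffer sized for the largest frame you intend to accept (e.g. `u8 eapolframe[4 + 0xffff];` or a documented smaller limit) so `hmac_hash` and `lamont_hdump` keep reading from a single object. The copy also reads `eapolframe_size` bytes out of `packet`, but the caller's guard compares `h->len` (on-wire length) with a header size and never consults `h->caplen`, so a truncated capture can still over-read; the captured length should be threaded into the same check. Separately, the old frame-3/frame-4 pairing compared `replay_counter`, but the new frame-1/frame-2 pairing does not, so the anonce of one handshake attempt can be combined with the snonce and MIC of a later one and no passphrase will ever verify; saving the counter in frame 1 and requiring it to match in frame 2 would restore that. The inner hunks cut through `handle_dot1x`, whose opening and remainder are outside the quoted context.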
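Review bot: `strncmp(opt->hashfile, "-", 1) != 0` only inspects the first character, so any hash file whose name begins with `-` (say `-old.hash`) is excused from the `stat` check together with the literal `-`, and the user gets whatever error the later open produces instead of the "Check file path" message. If the intent is that `-` alone selects standard input, compare the whole string: `if (!IsBlank(opt->hashfile) && strcmp(opt->hashfile, "-") != 0) {`. The enclosing function starts and ends outside this hunk, so where `-` is later treated as stdin is not visible here and should be confirmed.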