You should be more specific about what you know about the keys/passwords.
If the keys are completely random and k1, k2 and k3 could all be different, then the keyspace is very large (way too large to bruteforce).
On the other hand, if you know that the key was generated like this: srand (time ()); k1= rand (); k2 = rand (); k3 = rand () where the seed to the RNG was just the time since the epoche, then there could be a chance to recover the key if you know the estimated time when the key was generated.
So the short answer is, if it is completely random and k1/k2/k3 could be all different, then a bruteforce is unfeasible. implementing rand () doesn't help, nor does the use of statsprocessor (why do you even think this helps here?).
Normally, when new hashcat users think about rand (), they actually mean a mask attack (bruteforce). This is accomplished by using the attack mode -a 3 = mask attack.
But as said, in this specific case it doesn't make sense to use bruteforce/mask attack if you do not have a reduce keyspace (or know that a weak algorithm generated the key ... or a known seed to the random number generator etc).
If the keys are completely random and k1, k2 and k3 could all be different, then the keyspace is very large (way too large to bruteforce).
On the other hand, if you know that the key was generated like this: srand (time ()); k1= rand (); k2 = rand (); k3 = rand () where the seed to the RNG was just the time since the epoche, then there could be a chance to recover the key if you know the estimated time when the key was generated.
So the short answer is, if it is completely random and k1/k2/k3 could be all different, then a bruteforce is unfeasible. implementing rand () doesn't help, nor does the use of statsprocessor (why do you even think this helps here?).
Normally, when new hashcat users think about rand (), they actually mean a mask attack (bruteforce). This is accomplished by using the attack mode -a 3 = mask attack.
But as said, in this specific case it doesn't make sense to use bruteforce/mask attack if you do not have a reduce keyspace (or know that a weak algorithm generated the key ... or a known seed to the random number generator etc).