02-05-2017, 05:34 PM
Hi guys, I've been an occasional lurker for years, though I haven't actually run a cracker since the L0phtcrack days. I still have a fascination with crypto and purpose-built rigs. I'm a frequent listener to "Security Now!", which I think makes me a bit better informed than an average layperson when it comes to password cracking.
Very recently recently, through an unfortunate turn of events, I lost the master password to my 1Password file. The file had A LOT of passwords in it, a few of which were important, all but a few of those which were resettable. I'm working through resetting them all and while I do I'd like to determine if I can attempt to crack and/or speed up guessing this master password, or if I need to look into hiring this out. I'm not sure though, even if I can learn the techniques and acquire the hardware, that hashcat can do it. I have a few questions toward that end:
1.) Does hashcat crack the master password on a 1Password file, or just all the contained passswords? Or both? Can I target the master?
2.) The 1Password database is the latest, (downloaded 1/29/1017) online-enabled version. Whether I select cloudkeychain or agilekeychain, I get "No hashes loaded". Does hashcat work on the latest and greatest 1Password files?
Just my initial few tries have resulted in failure to locate any hashes, but it's taking enough time that I thought I'd at least ask if I'm wasting my time. Two of the passwords I need out of this file are twenty-odd characters long and highly random, so cracking those on the target systems is not likely anytime soon.
3.) Also, if hashcat is incompatible with this file, I remember enough about the master password to the file that I can generate a word list that will only be a few tens of thousands of words, maybe a couple hundred words at most that I'm 95% sure will get in fairly quickly, so I thought I might generate that wordlist, and then write a program that just tries to log in to the app all day, logging its progress so I know what worked. Does anybody here have experience with that kind of approach?
Any assistance with this is greatly appreciated. I'm also interested in finding out if there are any resources I can turn to to farm this work out. I can allocate a little budget for the work, but I know from asking a couple that the companies that do this work for law enforcement and government are unlikely to take the work, or even be very interested in taking my calls about it, though all have been very polite about it.
That's about it for my problem description. Thanks for amassing such a tremendous amount of information on this subject! This forum is really a great resource!
Very recently recently, through an unfortunate turn of events, I lost the master password to my 1Password file. The file had A LOT of passwords in it, a few of which were important, all but a few of those which were resettable. I'm working through resetting them all and while I do I'd like to determine if I can attempt to crack and/or speed up guessing this master password, or if I need to look into hiring this out. I'm not sure though, even if I can learn the techniques and acquire the hardware, that hashcat can do it. I have a few questions toward that end:
1.) Does hashcat crack the master password on a 1Password file, or just all the contained passswords? Or both? Can I target the master?
2.) The 1Password database is the latest, (downloaded 1/29/1017) online-enabled version. Whether I select cloudkeychain or agilekeychain, I get "No hashes loaded". Does hashcat work on the latest and greatest 1Password files?
Just my initial few tries have resulted in failure to locate any hashes, but it's taking enough time that I thought I'd at least ask if I'm wasting my time. Two of the passwords I need out of this file are twenty-odd characters long and highly random, so cracking those on the target systems is not likely anytime soon.
3.) Also, if hashcat is incompatible with this file, I remember enough about the master password to the file that I can generate a word list that will only be a few tens of thousands of words, maybe a couple hundred words at most that I'm 95% sure will get in fairly quickly, so I thought I might generate that wordlist, and then write a program that just tries to log in to the app all day, logging its progress so I know what worked. Does anybody here have experience with that kind of approach?
Any assistance with this is greatly appreciated. I'm also interested in finding out if there are any resources I can turn to to farm this work out. I can allocate a little budget for the work, but I know from asking a couple that the companies that do this work for law enforcement and government are unlikely to take the work, or even be very interested in taking my calls about it, though all have been very polite about it.
That's about it for my problem description. Thanks for amassing such a tremendous amount of information on this subject! This forum is really a great resource!