Prince Attack - Hashtopia

Below is a **Hashtopia-style** rewrite of the PRINCE page, keeping the tone analytical, tool-agnostic, and research-focused, while clearly separating **what PRINCE is**, **when it is useful**, and **how to operationalize it**. --- # **PRINCE Attacks** **PRINCE (PRobability INfinite Chained Elements)** is a probabilistic password _candidate generator_ that models how humans **compose passwords from multiple elements** rather than creating them as a single word or random string. Instead of mutating one base word at a time (rules) or exhaustively enumerating characters (masks), PRINCE builds **chains of words and fragments** from a single input dictionary and emits candidates that reflect real-world compositional behavior. PRINCE is best understood as a **structure generator**, not a cracker. --- ## **Conceptual Model** PRINCE takes: - **One input wordlist** - Breaks it into **elements** - Chains **1 → N elements together** - Emits candidates ordered by estimated probability This allows PRINCE to naturally generate patterns such as: - word + word - word + number - short + short + short - reused fragments in different positions This closely mirrors how many users actually build passwords. --- ## **Tooling** - **PRINCE Processor:** Hashcat – princeprocessor - **Hashcat Integration:** Streams candidates via stdin - **John the Ripper Integration:** Native PRINCE mode --- ## **Baseline PRINCE Attack (Slow Hashes)** PRINCE excels against **slow hashes** where guess quality matters more than raw speed. ``` pp64.bin dict.txt | hashcat -a 0 -m #type hash.txt ``` **Why this works:** - Slow hashes penalize brute force - PRINCE prioritizes high-probability structures - Fewer guesses can yield meaningful results --- ## **Amplified PRINCE Attack (Fast Hashes)** For **fast hashes**, PRINCE output alone may underutilize hardware. Amplification is achieved by layering **rules**. ``` pp64.bin --case-permute dict.txt | hashcat -a 0 -m #type hash.txt -r rule.txt ``` **Key idea:** - PRINCE defines _structure_ - Rules expand _surface variations_ - GPU-side mutation recovers throughput --- ## **Constrained PRINCE (Minimum Length & Element Limits)** PRINCE can be shaped to reflect known policy constraints. ``` pp64.bin --pw-min=8 --limit=4 dict.txt | hashcat -a 0 -m #type hash.txt -r best64.rule ``` **Interpretation:** - Minimum password length = 8 - Maximum 4 chained elements - Rules add lightweight variation This is especially effective against environments with **minimum length policies** but weak composition enforcement. --- ## **PRINCECEPTION (Recursive PRINCE)** PRINCE output can be recursively fed back into PRINCE itself. ``` pp64.bin dict.txt | pp64.bin | hashcat -a 0 -m #type hash.txt ``` **What this does conceptually:** - First PRINCE pass discovers compositional elements - Second pass chains _already-composed structures_ - Explores higher-order human patterns ⚠️ This grows keyspace rapidly and should be used deliberately. --- ## **PRINCE with John the Ripper** John the Ripper includes native PRINCE support. ``` john --prince=dict.txt hash.txt ``` This is useful for: - CPU-bound environments - Integrated cracking workflows - Research comparisons across engines --- ## **When PRINCE Shines** PRINCE is particularly effective when: - Users **reuse words** rather than invent new ones - Passwords are **multi-component** - Dictionaries are **large and behaviorally rich** - Traditional rules have already saturated gains It is most effective **after**: - Straight dictionary attacks - High-yield rule attacks --- ## **When PRINCE Struggles** PRINCE is less effective when: - Input dictionaries are shallow or highly truncated - Passwords are purely random - Target hashes are extremely fast and PRINCE is not amplified - Strict length or character-class constraints dominate --- ## **Strategic Takeaways** - PRINCE is a **bridge** between dictionary attacks and brute force - Input quality matters more than tuning flags - PRINCE defines _structure_, not entropy - Best used as part of a **layered attack strategy**, not standalone PRINCE is valuable not because it replaces other attacks, but because it exposes how much of the password space is still governed by **human composition habits**. --- [[Advanced Compositional Attacks]] [[Home]] #advanced