Even when attacking an older version of 1Password that uses only 1,000 PBKDF2 iterations, Hashcat will require about 19 years to crack a randomly derived four-word passcode. Those times increase to 192 years and 482 years for 10,000 repetition and 45,000 repetitions respectively.