Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Jan 2013 12:07:03 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: 1Password 4 Cloud Keychain format for your cracking pleasure

On Wed, Jan 9, 2013 at 2:04 AM, Jeffrey Goldberg <jeffrey@...dmark.org> wrote:
> We (I work for AgileBits, the makers of 1Password) are rolling out our new Cloud Keychain Format, which will replace the Agile Keychain format that you already have tools for.
> The link above describes the major changes. What you will be after is in the profile.js file (our format continues to use multiple files). I can post a sample profile.js file (with known Master Password) for testing if you'd like.

This really shows the confidence you guys have in your security design!

I really like the resilience of 1Password against data corruption
which is missing in other passwords managers.

> The major differences as far as crackers are concerned is that we now use PBKDF2-SHA512 to derive a 256-bit AES key and a 256-bit HMAC-SHA256 key (instead of PBKDF2-SHA1 and no MAC). Presumably, you will find the HMAC key faster to verify than performing AES decrypts.

Thanks for the heads up. A sample profile.js file (with known Master
Password) would be really useful. Also, are there any plans to update
https://bitbucket.org/gwik/agilekeychain/ utility?

-- 
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ