Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 6 Aug 2012 23:59:40 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: 1Password blog post about Dhiru's new/forthcoming 1Password module

Jeffrey,

On Sun, Aug 05, 2012 at 12:26:23AM -0400, Jeffrey Goldberg wrote:
> The Elcomsoft report was discussing 1Password for iOS, which uses a different format than the desktop.  The desktop has used PBKDF2 since 2008. We added PBKDF2 to the iOS app after the Elcomsoft report came out. (Our excuse for not doing it sooner is that we still support devices running iOS 3, which doesn't offer PBKDF2 in the Apple SDK. So after Elcomsoft report we ripped an implementation from OpenSSL to get this to work on older iPhones.)

Thanks for the clarification.

Have you considered moving both products from PBKDF2 to scrypt?  Yours
could be the very first password manager to use scrypt.  And it'd make
things tough for us, yet would provide a better reason for us to add
support for scrypt into JtR - which would also provide some data on how
well scrypt works in practice, whether and to what extent attacks scale
beyond one CPU core (my gut feeling is that a speedup of roughly 2x
might be achieved on typical machines due to having multiple RAM
accesses in progress at a time).

> I'll have to dig into various changes to see when the derived AES key is 128 or 256 bits. The answer may lie with when the agilekeychain was created (or had a password change).

OK.  We'd appreciate this info.

Is it 128 vs. 256, or do you also support 192-bit keys?

Meanwhile, your blog post has spurred these threads on reddit:

http://www.reddit.com/r/netsec/comments/xr8hq/dear_netsec_what_do_you_think_of_agile_bitss_dev/
http://www.reddit.com/r/apple/comments/xq5pg/agile_bits_just_blogged_that_a_preeminent/

Thanks again,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.