1Password file format

Are there any plans to "open-up" 1Password Agile Keychain format?

After reading http://help.agilebit...ain_design.html I understand that 1Password file format is essentailly a JSON file. What I don't understand is how to decrypt the following fields using a master password.
encrypted" : "..."
usernameHash" : "...",

You use PBKDF-SHA1 to derive a decryption key for AES-128 from master password but exactly which mode of AES is used. What about IV? Number of iterations? Do you plan to document this?

Thanks!

Comments

  • khad
    khad
    1Password Alumni
    Welcome to the forums, webie! I wanted to make sure you know we saw your post. We should be able to get you a comprehensive reply soon. Thanks for your patience in the meantime.
  • I found out the answers I was looking for. https://bitbucket.org/gwik/agilekeychain explains "Agile Keychain" file format well with code.
  • khad
    khad
    1Password Alumni
    Ah, yep! I was actually trying to find that link yesterday but didn't have it handy. I'm glad you were able to find it. Let me know if there is anything else we can help with. :)

    Cheers,
  • jpgoldberg
    jpgoldberg
    1Password Alumni
    Hi webie!

    I certainly could do a better job documenting the format, but we are busy with the next generation format, which again our intent is to fully document. I'm glad you found what you are looking for.

    Just out of curiosity (and don't feel obliged to answer), were you involved the development of the 1Password plug-in for John the Ripper? I'll be blogging about that shortly, but let me just say that we've known since we developed the agilekeychain that automated password cracking was inevitable. And when last month we saw JtR plug-ins for other password mangers, it was clear that this was coming soon.

    We've been advising users to have good master passwords for a long time and using PBKDF2, under the assumption that such crackers may exist (just not publicly). Now that it is public, it helps us better make the case to users to pick good master passwords.

    Cheers,

    -j
This discussion has been closed.