Ars Article, Looking for Comments from the AgileBits team!

Urda
Urda
Community Member

I just read this today:

http://arstechnica.com/security/2013/04/yes-design-flaw-in-1password-is-a-problem-just-not-for-end-users/

My take is there is not much call for concern, given proper data storage and a strong master password.

Comments

  • charlie98
    charlie98
    Community Member

    Last paragraph from the article with my bolding added

    While the new technique for cracking 1Password has knitted the brows of cryptographers and security experts, end users have little reason for concern, so long as they're picking truly strong master passwords to encrypt their keychains. Even when attacking an older version of 1Password that uses only 1,000 PBKDF2 iterations, Hashcat will require about 19 years to crack a randomly derived four-word passcode. Those times increase to 192 years and 482 years for 10,000 repetition and 45,000 repetitions respectively. Those times may not be as long as previously thought, but they should tide us over until cryptographers devise something better.

  • khad
    khad
    1Password Alumni

    I thought he did, but it appears that Dan Goodin did not include a link to our own blog post on this issue in his article:

    On hashcat and strong Master Passwords as your best protection

    I recommend starting there and let me know if you have any specific questions. I would be happy to address them. :)

This discussion has been closed.