Ars Article, Looking for Comments from the AgileBits team!
I just read this today:
My take is there is not much call for concern, given proper data storage and a strong master password.
Comments
-
Last paragraph from the article with my bolding added
While the new technique for cracking 1Password has knitted the brows of cryptographers and security experts, end users have little reason for concern, so long as they're picking truly strong master passwords to encrypt their keychains. Even when attacking an older version of 1Password that uses only 1,000 PBKDF2 iterations, Hashcat will require about 19 years to crack a randomly derived four-word passcode. Those times increase to 192 years and 482 years for 10,000 repetition and 45,000 repetitions respectively. Those times may not be as long as previously thought, but they should tide us over until cryptographers devise something better.
0 -
I thought he did, but it appears that Dan Goodin did not include a link to our own blog post on this issue in his article:
On hashcat and strong Master Passwords as your best protection
I recommend starting there and let me know if you have any specific questions. I would be happy to address them. :)
0