Can my master password be guessed that easily??!!

mrwally
edited November 2017 in Lounge

LOOOONG time 1Password user so this question goes back a ways, but I'm asking this question based on the speed at which password cracking machines can guess my master password if my 1Password data fell into the wrong hands. My understanding is that the cloudkeychain format is a "slower" hash compared to the agilekeychain format. It's been a while, but IIRC everything was moving towards the cloudkeychain format but there was a limitation when using Dropbox as the sync method.

So, basically I have the following questions:
1. What keychain format am I using? (How do I check?) (If my 1Password file has an extension of agilekeychain, I'm assuming that's what it's using?)
2. What should I be using from a security perspective with respect to password crackers (i.e. hashcat), knowing that the agilekeychain format is a "faster" hash than the cloudkeychain format? agilekeychain master passwords can be guessed approx 320 times faster. On current GPU systems, this means that a hashcat machine can guess 3.2 million passwords per second against agilekeychain and only approx 10.5 thousand against cloudkeychain format.
3. Has that limitation when using Dropbox been resolved?

@jpgoldberg

Some data -
Speed at which agile keychains can be guessed vs cloud keychains:
https://gist.github.com/epixoip/6ee29d5d626bd8dfe671a2d8f188b77b

Old 1Password Links:
https://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/
https://blog.agilebits.com/2012/12/05/hashing-fast-and-slow-gpus-and-1password/

1Password link discussing cloudkeychain format vs agilekeychain and hashcat:
https://blog.agilebits.com/2014/03/10/crackers-report-great-news-for-1password-4/


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
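
To put the two guess rates quoted in the post into terms of master password strength, here is an added example (not part of the original post or 1Password's own code). It assumes the master password is a passphrase of words drawn uniformly at random from a 7776-word Diceware list, and takes the 3.2 million/s and 10.5 thousand/s figures from the post as given.

```python
import math

# Guess rates quoted in the post above (guesses per second on a GPU system).
RATE_AGILE = 3_200_000   # agilekeychain
RATE_CLOUD = 10_500      # cloudkeychain
SECONDS_PER_YEAR = 31_557_600  # 365.25 days
DICEWARE_WORDS = 7776    # assumption: words chosen uniformly from a Diceware list


def expected_years(words: int, rate: int) -> float:
    """Average time to hit a random `words`-word passphrase (half the space)."""
    return DICEWARE_WORDS ** words / 2 / rate / SECONDS_PER_YEAR


def min_words(rate: int, target_years: int) -> int:
    """Fewest words whose expected guessing time is at least `target_years`."""
    needed = 2 * rate * target_years * SECONDS_PER_YEAR  # exact integer math
    words = 1
    while DICEWARE_WORDS ** words < needed:
        words += 1
    return words


def format_gap_bits() -> float:
    """Passphrase entropy that offsets the rate gap between the two formats."""
    return math.log2(RATE_AGILE / RATE_CLOUD)


if __name__ == "__main__":
    for n in range(3, 7):
        print(f"{n} words: agile {expected_years(n, RATE_AGILE):.3g} y, "
              f"cloud {expected_years(n, RATE_CLOUD):.3g} y")
    print("words for 100 years:", min_words(RATE_AGILE, 100), "vs",
          min_words(RATE_CLOUD, 100))
    print(f"format gap: {format_gap_bits():.2f} bits; "
          f"one word adds {math.log2(DICEWARE_WORDS):.2f} bits")
```

Under these assumptions the slower format is worth about 8 bits of passphrase entropy, which is less than one additional Diceware word.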

Comments

  • Ben AWS Team

    Team Member

    Hi @mrwally,

    I'm not aware of any limitations with syncing OPVault keychains via Dropbox. I do know that 1Password 4 for Windows has some difficulties with it, so if you're on Windows the recommendation is still to use Agile Keychain. Otherwise it would make sense to upgrade to OPVault:

    How to switch to the OPVault format from Agile Keychain - 1Password Support

    You're correct that the file extension of your keychain is a good indicator of which format you're using.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Is OPVault the same thing as cloudkeychain format?

  • brenty

    Team Member

    @mrwally: Good question! In many ways yes: the design is the same, though there are structures which OPVault needs as a file-based sync container which are not needed in the CloudKit database.

This discussion has been closed.