OPVault format and hashcat

lemansiii
lemansiii
Community Member
edited August 2018 in Lounge

Hi - Has anyone been able to run hashcat on the opvault format? It looks a bit different than the cloudkeychain format.

I've tried -m 8200 but obviously that fails.

I'm currently syncing via icloud and dropbox, and using
1Password 7
Version 7.1.BETA-3 (70100003)
AgileBits Beta

Thanks, Scott


1Password Version: 7.1.BETA-3 (70100003)
Extension Version: Not Provided
OS Version: MacOS 10.13.6
Sync Type: icloud and dropbox

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    Last I checked it wasn't really feasible to brute force OPVault (unless you're trying to brute force your own password and know it to be relatively weak, thus shrinking the search space). Vendors out there who work on stuff like this for law enforcement have been using AgileKeychain (and old ones with low iterations at that) to demo last I saw.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    I recall that the both the John the Ripper community and the hashcat community have developed modules for OPVault shortly after it was first published. But you will have to ask them, as I looked at these when they were first developed and have forgotten about them.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @jpgoldberg: I was thinking of Elcom, since they're selling the capability to brute force 1Password data...but only advertise this (as far as I've seen) for old AgileKeychains. Since it's their business, I imagine they'd be promoting the same for OPVault if they had a viable solution to sell for that.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Thanks @brenty. It might be interesting to know why Elcomsoft isn't advertising a cracker of OPVault. My guess is that they don't have optimized libraries for PBKDF2-H512 and so their guessing rate would be embarrassingly slow.

This discussion has been closed.