1Password for iPad Master Password cracked in 5 seconds?

I ran across this article on the InformationWeek site about some security researchers in Europe assessing various iOS password managers. A quote:

"Belenko said that he himself had been using 1Password Pro, which may be the most-installed password manager for Apple iOS. But he ceased using it after testing the application's cryptography. 'When we recovered my master password in five seconds? That was a moment,' he said."

So, should I be worried?

Comments

  • khadkhad Social Choreographer

    Team Member
    edited July 2012
    Note that this discovery time is for passwords that only use digits. As Dmitry and Andrey pointed out, this would be equivalent to a 6 character password (lowercase and uppercase characters, digits, as well as symbols):

    "To quickly convert this value to a comparable length of a password composed of random ASCII characters one can simply divide the former number by two (since number of ASCII characters is 95 ≈ 10²)."

    The main reason the password was determined so quickly is because 6 characters provide relatively few possible password combinations.

    Scroll down on the page you linked to and you will see my comment posted the same day as the article. In it you will find a link to our blog post (also posted that same day four months ago):

    http://blog.agilebit...rong-passwords/

    And even that's not the full story. :)

    We even issued an updated version of 1Password for iOS (on April 9 if you're keeping track), increasing the PBKDF2 iterations to 10,000 among other improvements.

    http://blog.agilebit...bkdf2-goodness/

    So not only was the article misleading to begin with, it is now outdated. ;)

    If we can be of further assistance, please let us know. We are always here to help!
This discussion has been closed.
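
Added example (not part of the thread and not AgileBits' code): a strength estimator that applies the quoted digits-to-ASCII rule and measures how the PBKDF2 iteration count changes the cost of searching a digits-only master password. The function names, the SHA-256 choice, the six-digit sample and the 1,000-iteration baseline are assumptions made for illustration.

```python
import hashlib
import math
import os
import time

ASCII_PRINTABLE = 95  # alphabet size used in the rule of thumb quoted above


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` random symbols."""
    return alphabet_size ** length


def equivalent_ascii_length(digit_count):
    """Length of a random printable-ASCII password whose keyspace matches
    a random password of `digit_count` decimal digits."""
    return digit_count * math.log(10) / math.log(ASCII_PRINTABLE)


def measure_guess_rate(iterations, samples=3):
    """Guesses per second on one local CPU core, at one PBKDF2 derivation
    per guess. SHA-256 is an assumption made for this illustration."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, salt, iterations, dklen=16)
    return samples / (time.perf_counter() - start)


def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time needed to try every candidate at the given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


if __name__ == "__main__":
    digits = 6  # constructed sample: a six-digit numeric master password
    print("%d digits ~ %.2f random ASCII characters"
          % (digits, equivalent_ascii_length(digits)))
    # 1,000 is a constructed baseline for comparison; 10,000 is the
    # iteration count mentioned in the reply above.
    for iterations in (1_000, 10_000):
        rate = measure_guess_rate(iterations)
        secs = worst_case_seconds(10, digits, rate)
        print("%6d iterations: %8.1f guesses/s, full search %.0f s"
              % (iterations, rate, secs))
```

The absolute rates reflect a single CPU core running Python; the ratio between the two iteration counts and the small size of a digits-only keyspace are what carry over.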