How safe is 1Password? Elcomsoft has a new Phone Breaker 4.10 software. How can I protect myself?

wahringer
Community Member

I have 1Password on Mac, Windows and iOS, synced with Dropbox. How safe is it?
Elcomsoft claims "1Password support by attacking the master Password" http://mk1.netatlantic.com/t/22231626/220432059/332188/10/



Comments

  • littlebobbytables
    1Password Alumni

    Hi @wahringer,

    It's always a good question isn't it, how safe is your vault? I want to explain why I'm not concerned about my vaults.

    From the link you provided here's what Elcomsoft said about BlackBerry Password Keeper.

    In our research, we've discovered a way to decrypt the content of BlackBerry Password Keeper in a matter of seconds — without having to attack or recover the master password.

    Now here's what they said about us.

    In this release, Elcomsoft Phone Breaker can attack the master password protecting 1Password containers downloaded from Dropbox or obtained from iTunes or iCloud backups.

    You'll notice the lack of reference to weakness or speed with which they can best the encryption we use. If they found a weakness they'd say so and given their line of business not to boast would be mad. Now I haven't used their product but when I read that I see brute force attack. By that I mean you test every possible password from a single character upwards for every permutation of the available character map. It's the slowest form of attack but can be deployed against any encrypted file. Now this is where our security comes into play. All of our security is based on using well known encryption algorithms and parameters chosen on the assumption that somebody would try to brute force your Master Password. If you have a weak Master Password then their software can probably unlock a copy of your vault in a reasonable amount of time. That's why we've always recommended a strong Master Password to help us help you protect your vault (see How do I choose a good Master Password?).

    That's why I'm not worried. No doubt Elcomsoft have done what they can to optimise the brute force attack, utilising all the CPU or GPU power they can but traditionally encryption falls to flaws in specific implementations or dumb design decisions rather than the sledgehammer approach. Now the day they say they've found an exploitable hole like they have with BlackBerry Password Keeper - that's the day we should be worried. That day isn't today though and we have good people making sure that day doesn't happen full stop.

    You may very well have follow up questions and given we're talking about the security of your data you should ask and I, or another member of this amazing team will do our best to answer :smile:

  • littlebobbytables
    1Password Alumni

    Hello once again @wahringer,

    I thought I'd post a link to a little something that I suspect might reassure.

    In response to somebody tweeting surprise on our security, Elcomsoft replied via the same medium with the following reply.

    @icristerna2 In fact @1Password provides very high level of security - password cracking speed is extremely low. You are safe :)

    High praise indeed I would say :chuffed:

  • wahringer
    Community Member

    Thanks, have a nice day! :)

  • Megan
    1Password Alumni

    Hi @wahringer,

    I'm glad to hear that Little Bobby was able to answer your questions! If there's anything else you'd like to know about 1Password, we're here for you. :)

This discussion has been closed.