This is absolutely unacceptable. Agilebits has long talked about how they use PBKDF2 to secure your passwords, and using anything different on mobile is an abuse of trust.
Agilebits' response is hand-waving. Of course longer passwords are more secure. If we all used 32-character passwords, we wouldn't even need key derivation.
But we expect to use reasonably simple (7-10) character passwords because it's possible to make these secure against cold attacks using math. And when the software you use has in the past described the algorithms it uses, you expect all versions of the software to work in the same manner.
I've long used 1password, and I don't plan to stop using it yet, but this is a serious breach of trust, and I feel less secure in using it now.
I am going to add the PBKDF2 strengthening and fix the problem with the PKCS#7 padding mentioned in the article. We plan to submit the 1Password update by the end of March.
The support iOS 3 and the old devices really hurt us there as the performance gap between iPhone 3 and iPhone 4S is huge and so far we were targeting the lowest common denominator. I am still not sure what to do about the older iPhones. We'll probably try to adjust the number of PBKDF2 iterations based on the device. Unfortunately, the PBKDF2 calibration API is only available on iOS 5.
KeePass databases are AES-encrypted with a 256-bit key. The key is generated from your passphrase with a user-configurable number of bcrypt rounds, followed by a single SHA-256 round, to reduce it to the 256 bits needed by AES.
I appreciate the paranoia, but it doesn't scale for normal users. With every page the users browses/app they install/etc there is a chance of the device executing code that's going to do something naughty. Operating under that assumption, one would hope that things like password managers would mitigate some of the long term effects of that, but as we see from this report that is not typically the case.
"Many password management apps offered on the market do not provide adequate level of security. We strongly encourage users not to rely on their protections but rather use iOS or BlackBerry security features.
For Apple users: set up a passcode, and a (complex!) backup password. Do not plug the unlocked device to computers you do not trust to prevent creation of pairing. If you can't encrypt backup for some reason, restrict access to it as much as possible."
i'd like to know how parallelized the computation is assumed to be.
