This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
1Password file format
Are there any plans to "open-up" 1Password Agile Keychain format?
After reading [url="http://help.agilebits.com/1Password3/agile_keychain_design.html"]http://help.agilebit...ain_design.html[/url] I understand that 1Password file format is essentailly a JSON file. What I don't understand is how to decrypt the following fields using a master password.
encrypted" : "..."
usernameHash" : "...",
You use PBKDF-SHA1 to derive a decryption key for AES-128 from master password but exactly which mode of AES is used. What about IV? Number of iterations? Do you plan to document this?
Thanks!
After reading [url="http://help.agilebits.com/1Password3/agile_keychain_design.html"]http://help.agilebit...ain_design.html[/url] I understand that 1Password file format is essentailly a JSON file. What I don't understand is how to decrypt the following fields using a master password.
encrypted" : "..."
usernameHash" : "...",
You use PBKDF-SHA1 to derive a decryption key for AES-128 from master password but exactly which mode of AES is used. What about IV? Number of iterations? Do you plan to document this?
Thanks!
Flag
0
Comments
-
Ah, yep! I was actually trying to find that link yesterday but didn't have it handy. I'm glad you were able to find it. Let me know if there is anything else we can help with. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
Cheers,Flag 0 -
Hi webie!
I certainly could do a better job documenting the format, but we are busy with the next generation format, which again our [i]intent[/i] is to fully document. I'm glad you found what you are looking for.
Just out of curiosity (and don't feel obliged to answer), were you involved the development of the [url="http://www.openwall.com/lists/john-users/2012/07/20/3"]1Password plug-in for John the Ripper[/url]? I'll be blogging about that shortly, but let me just say that we've known since we developed the agilekeychain that automated password cracking was inevitable. And when last month we saw JtR plug-ins for other password mangers, it was clear that this was coming soon.
We've been advising users to have good master passwords for a long time and using PBKDF2, under the assumption that such crackers may exist (just not publicly). Now that it is public, it helps us better make the case to users to pick good master passwords.
Cheers,
-jFlag 0