This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

10000 PBKDF2 iterations in the beta build

Hi, I was looking at Version 1.0.9.BETA-297 (build #297) for Windows, and one of the changes is



* Changed Increased PBKDF2 iterations to 10,000 for new 1Password data.



1. How do I make all my data use 10,000 iterations, instead of just new data?

2. What were the PBKDF2 iterations before this change, 1000?

Comments

  • khad
    khad Social Choreographer
    edited August 2012
    Welcome to the forums, melbogia! You can simply change your master password to take advantage of the increased PBKDF2 iterations (up from 1000 previously).



    Please note, however, that going from 1,000 iterations to 10,000 iterations adds a relatively small degree of additional security. Adding a single random digit to the end of your Master Password would offer the same increase. So we reach a point where increasing the number of PBKDF2 rounds offers little additional security. This is one reason we've not been inclined to put this under direct user control because we know that many people will focus on the (wrong) numbers. People will push it up to the maximum we allow with no practical gain in security (while they will end up sucking the battery life out of their mobile devices if they sync with them). :)



    I hope that helps. Please let me know.
  • Stefan von Dutch
    Stefan von Dutch Community Moderator
    khad wrote:

    "You can simply change your master password to take advantage of the increased PBKDF2 iterations (up from 1000 previously)."



    I'm afraid this is not correct. New 1Password Data Folder(s) take advantage of the increased PBKDF2 iterations. "change master password" does not change your PBKDF2 iterations.
  • So there's no way to increase the PBKDF2 iterations for existing 1Password data? I don't know how much additional security it gives me to go from 1000 to 10,000 iterations, and it might be slim, as khad pointed out. But I'd still like to convert my existing data to use 10,000 iterations. How can I do it?
  • khad
    khad Social Choreographer
    Apologies for my earlier post. As Stefan pointed out, changing the Master Password does not recalibrate the PBKDF2 iterations in 1Password for Windows. As he also mentioned, only new data folders are created with 10,000 iterations.



    I'll reiterate — no pun intended — my point above, though. Adding a single random character to your Master Password will give the same benefit. If you are concerned with the security of your data, a stronger Master Password is a far wiser investment than trying to increase PBKDF2 iterations. PBKDF2 is most beneficial when data is encrypted with a weak password. The returns diminish quickly as the strength of the Master Password increases. We recommend using a strong, memorable master password. If you're not sure about the strength of yours, we have some tips:



    http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/



    Please let me know if there is anything else I can help with.



    Cheers,