This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Hashing fast and slow: GPUs and 1Password

Penelope Pitstop
Penelope Pitstop Junior Member
edited December 2012 in Lounge
Another [url="http://blog.agilebits.com/2012/12/05/hashing-fast-and-slow-gpus-and-1password/"]intriguing blog post[/url] from Jeff. As usual it has made me think a little bit harder about how 1PW works - probably too much for my own good.



So, potentially dumb question of the week: How does 1PW know you entered the correct master password?



I understand 1PW runs the password you type in through the PBKDF2 algorithm many times. Does this process only successfully complete and yield a derived key if you entered the correct password? If it always generates some form of derived key, how do you know that is the correct one when you try to use it to decrypt a keychain item?



More generally, if you have some automated password cracking system that is trying to "brute force" the decryption of some data, how does the computer know it was successful when the encrypted data might not even be in natural language?

Comments

  • khad
    khad Social Choreographer
    edited December 2012
    When you enter your master password, 1Password attempts to decrypt the encryption key which is 1024 bytes of random data generated when the data file was created. If the master password is correct, then the key is provided. Otherwise, nothing is returned.
  • What happens if I forget my master password? Is there any way to retrieve it?
  • Penelope Pitstop
    Penelope Pitstop Junior Member
    edited December 2012
    @ealing_mgr, no, if you forget your master password, your data is lost. Jeff [url="http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/"]provides great advice[/url] on choosing memorable master passwords and recommends writing them down on a piece of paper that you keep in a safe place.



    @khad, thanks for your reply. I find it fascinating that any password can be used to generate a key to encrypt data yet the decryption algorithm fails with anything but the correct key (instead of returning nonsense). Please can you recommend a book or internet article I can read that explains how that works? I studied math and computer science at university so I think I would be OK with something quite detailed. However there are so many books published on cryptography that I don't know where to start.
  • khad
    khad Social Choreographer
    edited December 2012
    [quote]What happens if I forget my master password? Is there any way to retrieve it? [/quote]

    To reiterate what Penelope Pitstop wrote:



    For your privacy and security, your master password is known only by you. We cannot reset it for you and you cannot change it without entering the old one. There is also no "back door" to access your data without the master password. If there were, that would be a security hole that criminals could exploit to steal your information.



    If you think you know what the password is, but it is not being accepted, please see the tips in this guide:



    [url="http://help.agilebits.com/1Password3/forgot_password.html"]http://help.agilebit...t_password.html[/url]



    Please try each tip, for we have found them to be the most common causes of this problem. If you cannot remember the password, you will need to restore from a backup or start over. Both of these steps are documented in the guide.



    If you've really never stored anything in your 1Password data file then starting over is really easy -- but you'll want to make sure and provide a good "password hint" so you don't forget the master password again.



    The link Penelope gave above to our blog post on choosing a strong, [b][i]memorable[/i][/b] master password is a great place to start:



    [size=5][b][url="http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/"]Toward Better Master Passwords[/url][/b][/size]



    [quote]I find it fascinating that any password can be used to generate a key to encrypt data yet the decryption algorithm fails with anything but the correct key (instead of returning nonsense). Please can you recommend a book or internet article I can read that explains how that works?[/quote]

    Unfortunately, if a little crypto knowledge is a dangerous thing, I myself am a "little crypto knowledge". A tiny one perhaps. I can only imagine that Jeff can rattle off several additional resources from memory, but I don't know of a good one offhand. I'll ping him and see. :)
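
Added example (not part of the thread and not AgileBits code): one way a password manager can tell a correct master password from a wrong one, as asked above. PBKDF2 returns a key for any password, so the stored file carries an HMAC tag that only the right derived key reproduces. The iteration count, the HMAC-based keystream standing in for AES, and the vault field names are assumptions of this example, not 1Password's format.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 10_000  # assumed work factor for the demo, not 1Password's setting
KEY_LEN = 1024       # size of the random encryption key, as stated in the thread


def _derive(password: str, salt: bytes):
    """PBKDF2 yields 64 bytes for ANY password; split into (wrap key, MAC key)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return dk[:32], dk[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def create_vault(password: str) -> dict:
    """Generate the random encryption key once; store it wrapped, plus a tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key = os.urandom(KEY_LEN)
    wrap_key, mac_key = _derive(password, salt)
    stream = _keystream(wrap_key, nonce, KEY_LEN)
    wrapped = bytes(a ^ b for a, b in zip(enc_key, stream))
    tag = hmac.new(mac_key, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped, "tag": tag}


def unlock(vault: dict, password: str) -> Optional[bytes]:
    """Return the encryption key, or None when the password is wrong."""
    wrap_key, mac_key = _derive(password, vault["salt"])
    expected = hmac.new(mac_key, vault["nonce"] + vault["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, vault["tag"]):
        return None  # wrong password or tampered file: nothing is returned
    stream = _keystream(wrap_key, vault["nonce"], KEY_LEN)
    return bytes(a ^ b for a, b in zip(vault["wrapped"], stream))
```

The same tag check is what tells any offline guessing program that a candidate was right, which is why the PBKDF2 iteration count matters: it sets the cost of each guess.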
