This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

1 Password for iPhone encryption strength?

<div class="IPBDescription">How strong is it....really?</div>I have done all the research I can stand to do and I have almost settled on this program to manage my passwords. Most apps for the iPhone4 say they are AES 256, what's 1Passwords strength? Is 512 the best? Is there an Agile 512 version coming for iPhone and iPad? Thanks for any help...

Comments

  • teedoff087
    teedoff087 Junior Member
    There is no such thing as AES-512. I think security experts will agree that you are only as secure as your master password. Unless someone knows or successfully guesses your master password, it would take forever to crack your 1Password keychain.



    So make sure you have a good master password (that you can remember, obviously) and you should be fine.



    One thing you should know about the 1Password iPhone app: you can use a PIN (4-digit code) and a different master password to protect your passwords on your iPhone. So you essentially have two layers of protection. Just don't make your PIN for the 1Password app the same as the one to unlock your iPhone's home screen.
  • khad
    khad Social Choreographer
    Welcome to the forums, wes_coast!



    Jeff wrote a [url="http://forum.agile.ws/index.php?/topic/1958-all-information-is-not-encrypted/page__view__findpost__p__15256"]very good post about AES 128- vs 256-bit encryption[/url]. The TL;DR version is that your data is very, very secure. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    In some sense, teedoff, your data file is actually more secure than your master password thanks to PBKDF2 (which Jeff mentions in his post).



    Please let me know if you have any additional questions or concerns!
  • roustem
    roustem AgileBits Founder
    edited December 2010
    As security experts like to say, "if you implement the encryption algorithms yourself, you are doing it wrong":



    http://stackoverflow.com/questions/1914257/when-can-you-trust-yourself-to-implement-cryptography-based-solutions

    http://chargen.matasano.com/chargen/2009/7/22/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing.html

    http://blogs.msdn.com/b/ericlippert/archive/2009/12/14/use-the-right-tool-for-the-job.aspx





    iOS provides built-in implementation of AES-128 on iPhone and iPad and this implementation is tested and proven to be secure.

    There is no built-in implementation of AES-256 in iOS and that means that other apps have implement it themselves. I will let you make the conclusion <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
  • wes_coast
    edited December 2010
    Thanks for the input! 
  • khad
    khad Social Choreographer
    We are always here to help. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Cheers!