Elcomsoft just published a very informative review of the state of the mobile password manager landscape. They investigated the defences applications provide and how long it would take to discover someone’s Master Password. In their findings, they found that if on iPhone or iPad your 1Password Master Password contained only numbers and was 12 digits long, then it could be found in one day, assuming the attacker got ahold of your device or a copy of your data file.
Note that this discovery time is for passwords that only use digits. As Dmitry and Andrey pointed out, this would be equivalent to a 6 character password (lowercase and uppercase characters, digits, as well as symbols):
To quickly convert this value to a comparable length of a password composed of random ASCII characters one can simply divide the former number by two (since number of ASCII characters is 95 ≈ 102).
The main reason the password can be determined so quickly is because 6 characters provide relatively few possible password combinations. To put this into perspective, here’s how the password length affects the discovery time:
|Password Length||Possible Combinations||Discovery Time|
|10||9510||223, 152 years|
|11||9511||21, 199 centuries|
|12||9512||20 million centuries|
|13||9513||2 bln centuries|
(42 times the age of the earth)
The discovery times are extrapolated from the numbers provided by Dmitry and Andrey in Table 2: Password recovery speeds and recoverable password lengths.
As you can see, it would take quite a while to discover a ten character password. Personally, I use a 13 character password as I have a lot of very sensitive data within 1Password and I want to ensure it remains safe, even if my iPhone was lost. It would take an attacker a very long time to iterate through all the possible combinations, and that is why the discovery time is so inconceivably huge.
With that said, as Dmitry and Andrey point out, 1Password could do more to slow the password discovery process, thereby making it take even longer. For example, on the desktop (both Windows and Mac), 1Password uses PBKDF2 to significantly slow down attackers. Currently this is not available on iOS as we needed to support older devices. The next major release of 1Password will only support iOS 5 and at that time we will be incorporating these additional defences.
You may be wondering why we think strengthening is required; after all, even a 10 character password would require hundreds of thousands of years to crack. The reason is 3 fold:
- Some users are using shorter passwords and we want to provide them as much protection as possible.
- All these numbers are based on the same hardware described by Dmitry and Andrey. Depending on the attacker’s resources, more powerful machines could be available.
- As time goes on, machines will continue to get faster.
To help guard against faster hardware and to strengthen shorter passwords, we are planning to update 1Password’s defences with several significant changes:
- 1Password 4 for iPhone will no longer allow items to be protected by just the PIN code. The PIN code was meant for less sensitive items and we always expected the Master Password protection to be enabled on important items. To simplify things, all items will be protected with the Master Password, just like on iPad, Mac, and Windows.
- In 1Password 4, we will be switching from 128 bit AES encryption keys to 256 bit.
- In 1Password 3 for iPad and iPhone, the password verification process will be significantly slowed down. Specifically, PBKDF2 will be added to iOS to match the Desktop versions. We will also remove the PKCS#7 padding mentioned by Dmitry and Andrey so attackers will be forced to perform two AES decryptions instead of just one.
Updates for 1Password 3 will be submitted to Apple within the next few weeks. Work on 1Password 4 is ongoing and it will be published later this year.
In sum, it is great that Elcomsoft took the time to analyse mobile password managers and draw attention to how critical password length is when protecting your data, and at how easy it is to “pick” a 4 digit PIN code. It’s important that everyone knows this.
What you can do today to ensure your data is protected is the same thing we have recommended all this time: use a Master Password on iPhone and iPad that is long enough to provide adequate protection for your needs. You can refer to the table above to determine the length of password that makes you feel most comfortable. Also, on iPhone, be sure to go through your items and ensure you have enabled Master Password protection.
Lastly, all of the calculations assume the attacker has full access to your data. To protect against this, secure your iOS device with a passcode and if you are still backing up with iTunes, be sure to encrypt your backups.