SECURITY
Why we moved to 256-bit AES keys
by
Jeffrey Goldberg
Why 1Password moved to using 256-bit AES keys instead of 128-bit keys.
Continue readingBlog | 1Password
SECURITY
You have secrets; we don’t, why our data format is public
by
Jeffrey Goldberg
The security of your 1Password data depends on only one secret—your Master Password. It also depends on plenty of things that aren’t secret. For example, 1Password uses the AES encryption algorithm, every detail of which is defined by public standards; your security depends on the security of AES, but there is nothing secret about it.
Continue readingSECURITY
Authenticated Encryption and how not to get caught chasing a coyote
by
Jeffrey Goldberg
I introduced HMAC (Hash-based Message Authentication Code) through the back door when talking about the Time-based One Time Password (TOTP) of Dropbox’s two-step verification. But TOTP is actually a peculiar way to use HMAC. Let’s explore what Message Authentication Codes (MACs) are normally used for and why they play such an important role in the …
Continue readingSECURITY
Doing the two-step until the end of time
by
Jeffrey Goldberg
In my discussion of Dropbox’s new two-step authentication, I skimped on the cryptography. Because we had to move quickly, I wanted to focus at the time just on our recommendations, so I told a few fibs about how the way the six digit codes “get” to your phone. Now I want to explain how it really works.
Continue readingSECURITY
Alan Turing’s contribution can’t be computed
by
Jeffrey Goldberg
Alan Turing was born a hundred years ago this year and his most important paper was published seventy-six years ago (November 1936). It is close to impossible to overstate the influence that Turing has had on the modern world. It is something well worth celebrating his life throughout this centennial year. Although any celebration must be tempered …
Continue readingSECURITY
Hashing fast and slow: GPUs and 1Password
by
Jeffrey Goldberg
The net is atwitter with discussion of Jeremi Gosney’s specially crafted machine with 25 GPUs that can test hundreds of billions of passwords per second using hashcat, a password cracking system. Password crackers, like hashcat, look at the cryptographic hashes of user passwords and repeatedly make guesses to try to find a password that works. …
Continue reading