The crux of it:
"1Password uses PBKDF2 to significantly slow down attackers. Currently this is not available on iOS as we needed to support older devices. The next major release of 1Password will only support iOS 5 and at that time we will be incorporating these additional defences"
This is absolutely unacceptable. Agilebits has long talked about how they use PBKDF2 to secure your passwords, and using anything different on mobile is an abuse of trust.
Agilebits' response is hand-waving. Of course longer passwords are more secure. If we all used 32-character passwords, we wouldn't even need key derivation.
But we expect to use reasonably simple (7-10) character passwords because it's possible to make these secure against cold attacks using math. And when the software you use has in the past described the algorithms it uses, you expect all versions of the software to work in the same manner.
I've long used 1password, and I don't plan to stop using it yet, but this is a serious breach of trust, and I feel less secure in using it now.
I am going to add the PBKDF2 strengthening and fix the problem with the PKCS#7 padding mentioned in the article. We plan to submit the 1Password update by the end of March.
The support iOS 3 and the old devices really hurt us there as the performance gap between iPhone 3 and iPhone 4S is huge and so far we were targeting the lowest common denominator. I am still not sure what to do about the older iPhones. We'll probably try to adjust the number of PBKDF2 iterations based on the device. Unfortunately, the PBKDF2 calibration API is only available on iOS 5.
About 18 months ago I removed support for iOS 3 and we got a huge pushback from existing users. I spent another month adding back iOS 3 support. I am sure things must be different now.
in other products which are very very non-tech consumer focused, i've seen almost zero iOS 3 deployment. You should feel incredibly comfortable deploying as iOS 5+ only at this point.
People most definitely still use older phones. I use my iPhone 3G when I travel overseas because there's an easy unlock available for it (unlike the baseband on my current model). And password manager is one of the things I really want to work across all my devices. Actually, if I can't share 1password database between old and new phones, I'll probably be looking for a different password manager. Having said that, I obviously don't expect it to perform fast on older hardware.
I think the better thing to do for older devices would have been to make it a user-settable option, with a note on first install. I would have preferred to have a 5 or even 10 second delay in opening my 1password keychain, rather than have it less secure. But it's a moot point now--as others noted, the older devices are quickly falling out of favor (at least among those savvy enough to use something like 1password).
This is absolutely unacceptable. Agilebits has long talked about how they use PBKDF2 to secure your passwords, and using anything different on mobile is an abuse of trust.
Agilebits' response is hand-waving. Of course longer passwords are more secure. If we all used 32-character passwords, we wouldn't even need key derivation.
But we expect to use reasonably simple (7-10) character passwords because it's possible to make these secure against cold attacks using math. And when the software you use has in the past described the algorithms it uses, you expect all versions of the software to work in the same manner.
I've long used 1password, and I don't plan to stop using it yet, but this is a serious breach of trust, and I feel less secure in using it now.