Hacker News new | ask | show | jobs
by mileswu 4937 days ago
It encrypts all your passwords using AES with a 128 bit key derived from your master password (PBKDF2) [1].

This is very different to what the article is talking about, since it encrypts your passwords, but the article talks about hashing which is one-way.

[1] http://help.agilebits.com/1Password3/agile_keychain_design.h...
1 comments
xorgar831 4937 days ago
The problem with PBKDF2 however is that if you pick a weak password it's useless. It would be better if they included an option for a key as well like other password safes do.
link
dfc 4937 days ago
"The problem with INSERT-SOMETHING however is that if you pick a weak password it's useless"

When is this not the case?

link
schlomie28 4937 days ago
When you have a key as well.
link
DanBC 4937 days ago
> It would be better if they included an option for a key as well like other password safes do.

I would love to see research about the use of keys and passphrases. Especially, do people who have a key then chose a weaker master password?

link