I'm sure this topic has been discussed before but I was unable to search for it with a meaningful number of results.
A series of articles in a recent issue of the German computer magazine c't about state-of-the-art password cracking tools and techniques has prompted me to ask this question: what is the method used to derive the master key for the psafe3 database from the master password?
If an attacker gets a psafe3 database into his hands, the effort needed to crack the master password is highly dependent on the key derivation method. If a method such as PBKDF2 or bcrypt is used, the cracking process can be a million times or more slower than if only a simple hash algorithm such as SHA1 or SHA-512 is used.
For me, this question is of particular interest since I'm not only using PasswordSafe on the PC but also the Pwsafe app on my iPad and I need to keep the psafe3 database in my Dropbox.
Regards,
Ulrich
This is defined in the format specification document. We're using an equivalent of PBKDF2 with SHA-256 and a configurable number of iterations, currently set at 2048.
For details, see https://sourceforge.net/p/passwordsafe/code/5212/tree/trunk/pwsafe/pwsafe/docs/formatV3.txt
Section 2.3, and http://www.schneier.com/paper-low-entropy.pdf.
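As an added illustration of the cost argument in this thread (this is example code, not PasswordSafe's own implementation), the block below implements the generic iterated-hash key stretching described in the cited Schneier/Kelsey low-entropy-keys paper, puts PBKDF2-HMAC-SHA256 beside it for comparison, and counts how many SHA-256 calls a file holder must spend per candidate password. The iteration count 2048 comes from the reply above; the 32-byte salt, the chain layout (X_0 = SHA-256(P || SALT), X_i = SHA-256(X_{i-1})) and the idea of storing SHA-256 of the stretched key as a verifier are assumptions for this example, and the authoritative psafe3 layout is the linked formatV3.txt.

```python
"""Added example: iterated-hash key stretching (Schneier/Kelsey construction)
beside PBKDF2-HMAC-SHA256. Not the PasswordSafe project's code; byte layout
details are assumptions, see the linked formatV3.txt for the real format."""
import hashlib
import hmac
import os
import time

ITERATIONS = 2048   # iteration count quoted in the thread
SALT_LEN = 32       # salt length assumed for this example


def stretch_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Key stretching: X_0 = SHA-256(password || salt), X_i = SHA-256(X_{i-1}).
    Returns X_iterations (32 bytes). Assumed chain layout, per the cited paper."""
    x = hashlib.sha256(password + salt).digest()
    for _ in range(iterations):
        x = hashlib.sha256(x).digest()
    return x


def stretch_key_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Standard PBKDF2-HMAC-SHA256 with the same parameters, for comparison."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def make_verifier(stretched_key: bytes) -> bytes:
    """Store a hash of the stretched key, never the key itself, so checking a
    guess requires the whole chain (assumed verifier layout)."""
    return hashlib.sha256(stretched_key).digest()


def check_password(password: bytes, salt: bytes, iterations: int,
                   verifier: bytes) -> bool:
    """Recompute the chain for a candidate password and compare in constant time."""
    candidate = make_verifier(stretch_key(password, salt, iterations))
    return hmac.compare_digest(candidate, verifier)


def hashes_per_guess(iterations: int) -> int:
    """SHA-256 invocations needed to test one candidate password:
    one for X_0, `iterations` for the chain, one for the verifier."""
    return iterations + 2


def benchmark(iterations: int, samples: int = 10) -> float:
    """Average seconds per derivation on this machine (timing is not deterministic)."""
    salt = os.urandom(SALT_LEN)
    start = time.perf_counter()
    for _ in range(samples):
        stretch_key(b"constructed-sample-password", salt, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)                      # constructed salt
    verifier = make_verifier(stretch_key(b"correct horse", salt, ITERATIONS))
    print("right password accepted:", check_password(b"correct horse", salt, ITERATIONS, verifier))
    print("wrong password accepted:", check_password(b"wrong horse", salt, ITERATIONS, verifier))
    print("SHA-256 calls per guess at ITER=%d: %d" % (ITERATIONS, hashes_per_guess(ITERATIONS)))
    print("seconds per derivation: %.6f" % benchmark(ITERATIONS))
```

Raising the iteration count multiplies the per-guess cost linearly for an attacker who holds the file, while the legitimate user pays the same cost once per unlock; the `benchmark` helper gives a local sense of that trade-off for a given count.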
Rony, thanks for the information. Very reassuring.