1Password 3.6.5 for iOS Updated with PBKDF2 Security
One of my most utilized and favourite password managers on my Mac and iOS is 1Password, created by Agile Bits based right here in Canada. Their latest 1Password 3.6.5 update for iOS has included improved security, with the debut of PBKDF2 as explained on their blog:
10000 PBKDF2 iterations
Your Master Password on your device is now protected with 10,000 iterations of PBKDF2. What this means is that if an attacker were somehow to get hold of your encrypted 1Password data from your phone (not an easy thing to do if you take proper precautions), it will be even harder for them to run automatic password guessing software against your master password. PBKDF2 makes the mathematical process of checking whether a Master Password is correct much longer and more difficult.
Your secrets are very well encrypted and protected by your Master Password, but these new measures strengthen that protection. You can read about PBKDF2 in an old article, Defending against crackers: Peanut Butter Keeps Dogs Friendly, Too to get more details as it applies to 1Password on the desktop; the same ideas work on iOS devices.
Agile says PBKDF2 security was implemented now was because our faster devices can handle the performance load better. PBKDF2 functions weren’t originally available in the iOS 3 SDK, but the team was able to implement it using other methods.
Other updates include the addition of Dropbox OAuth tokens to be stored security into the iOS keychain, along with various bug fixes and Retina Display support for the new iPad. You can check out the fine details as explained on their blog here.