We’ve just updated Elcomsoft Distributed Password Recovery with the ability to break master passwords protecting encrypted vaults of the four popular password keepers: 1Password, KeePass, LastPass and Dashlane. In this article, we’ll talk about security of today’s password managers, and provide insight on what exactly we did and how to break in to encrypted vaults. (more…)
We’ve analyzed 17 popular password management apps available for Apple iOS and BlackBerry platforms, including free and commercially available tools, and discovered that no single password keeper app provides a claimed level of protection. None of the password keepers except one are utilizing iOS or BlackBerry existing security model, relying on their own implementation of data encryption. ElcomSoft research shows that those implementations fail to provide an adequate level of protection, allowing an attacker to recover encrypted information in less than a day if user-selectable Master Password is 10 to 14 digits long.