goryachev.com Products Design Research Contact

Passwørd Safe File Format

Copyright © 2018 Andy Goryachev
All rights reserved.


This document describes the Passwørd Safe file format version 2.00.00 and above.


    long SIGNATURE;
    int SCRYPT_N;               // scrypt N parameter
    int SCRYPT_R;               // scrypt R parameter
    int SCRYPT_P;               // scrypt P parameter
    byte[64] nonce;             // EAX mode nonce also reused for scrypt salt

    int payloadSize;            // size of encrypted payload byte array
    byte[payloadSize] payload;  // encrypted payload


SIGNATURE   0x1DEA201312111148L
SCRYPT_N                  16384
SCRYPT_R                      8
SCRYPT_P                     32
Scrypt parameters have been empirically selected to produce a balanced price/performance ratio, resulting in 16MB RAM and approximately 3 second processing requirements on a 2.7 GHz CPU.

Possible Problems

  1. The source code is only available for qualified reviewers upon request. Yes, perhaps I should open source it.
  2. Same nonce is used for EAX encryption and generation of encryption key via scrypt. This may or may not be ok.
  3. Key may be leaked through the nonce since the source code is not available (it isn't, trust me).
  4. JAR is not signed, and is being distributed via unsecure connection.