goryachev.com Products Design Research Contact

Passwørd Safe File Format

Copyright © 2022 andy goryachev
All rights reserved.


This document describes the Passwørd Safe file format version 2.00.00 and above.


    long SIGNATURE;
    int SCRYPT_N;               // scrypt N parameter
    int SCRYPT_R;               // scrypt R parameter
    int SCRYPT_P;               // scrypt P parameter
    byte[64] nonce;             // EAX mode nonce also reused for scrypt salt

    int payloadSize;            // size of encrypted payload byte array
    byte[payloadSize] payload;  // encrypted payload


SIGNATURE   0x1DEA201312111148L
SCRYPT_N                  16384
SCRYPT_R                      8
SCRYPT_P                     32
Scrypt parameters have been empirically selected to produce a balanced price/performance ratio, resulting in 16MB RAM and approximately 3 second processing time on a 2.7 GHz CPU.

Possible Problems

  1. Same nonce is used for EAX encryption and generation of encryption key via scrypt. This may or may not be ok.