Sunday, June 28, 2020

Limited Quantity offer: KeyReel Premium Free!

We’re trying to bring stress-free cybersecurity to everyone who uses the web. To do that, we need to spread the word about KeyReel. There are two ways you can help, and get the full KeyReel Premium app free:

App Store Review

Download KeyReel Premium from the App Store or the Google Play Store, put it through its paces, and leave a review on the app store you downloaded it from. Then email us a screenshot of the review you left.

Social Media Post

Download KeyReel Premium from the App Store or the Google Play Store and let your social network know you’ve done it with a tweet or Facebook post. You can either tag our Facebook or Twitter account, or email us a screenshot of your post.

You'll receive a code to get the full app free. If you enjoy using KeyReel, please don’t forget to make sure your friends have a chance at this limited opportunity: we’re only offering 100 free apps.

Thank you so much for your support; we hope you’ll enjoy KeyReel Premium on us for a lifetime.

Monday, June 22, 2020

KeyReel extension is available for 7 browsers

We develop KeyReel as the most private security assistant. It stores passwords only on your phone and, unlike similar apps, does not store passwords in the cloud or copy them between devices. Therefore, it made most sense for us to provide our users support for browsers with best privacy options, like Firefox or Brave.

Chrome was defacto choice for multi-platform browsers for quite some time. However Chrome privacy concerns were accumulating over time with most recent discovery of tracking users  actions in Incognito mode.

More and more users are looking into other browser options that provide better privacy and security. Firefox made a number of safe-browsing features in the past few years. Brave and Vivaldi browsers, in addition to great privacy feature, also offer superior built-in ad blocking, which make browsing faster and more enjoyable.

Today we are happy to announce the new release of KeyReel with direct support for 7 most popular browsers: Chrome, Edge, Safari, Firefox, Opera, Brave, Vivaldi. Update to the latest version of KeyReel for Mac/Windows to install extension to your favorite browser.

Not using KeyReel yet? Try it today - you can use all the Premium features for free for 90 days. Visit

Monday, May 18, 2020

KeyReel for iPhone Premium has arrived!

One year has passed since we have released a "production ready" version of KeyReel for iPhone. It has been proven to be a robust and handy password manager app which delights users with a frictionless login experience.

The time has come to separate a Premium version of KeyReel. It is available now for subscription on monthly and yearly basis. Free version is still available and it includes all standalone features, including the built-in authenticator.

Subscription version allows remote Windows and Mac clients connect to the phone. It includes all related features, like protected sites, automatic authenticator login and password clipboard sharing. We also offer an outstanding 90-day free trial of the Premium version. More details can be found on our pricing page.

The cost of the Premium version will allow us to fund new awesome features. It will also help to increase the trust of new users, as our customer feedback has clearly indicated that users trust their credentials to paid apps more than free apps.

Please join us in celebrating this fundamental milestone for KeyReel!

Truly yours,
KeyReel Team

Thursday, April 30, 2020

How strong should Master Password be?

KeyReel has a distinct difference from most password manager apps. While other password managers require to enter master password regularly, KeyReel needs a password only to recover database from a backup on the new phone. The problem of selecting a good recovery password is similar to the problem of choosing a master password though. It is because an encryption key for a backup file is derived from the recovery password.

The key difference between a master and recovery passwords is the usage pattern: since recovery password is entered only as often as you change the phone, we don't really need to optimize it for memorization or typing. Instead, you should write it down and store it in a safe box at your home or bank (or in 4th volume of the "War and Piece" where it will never be looked for :)

So how strong should a password be?

You can find tons of advice on the Internet, like "strong password has at least 12 characters", "at least one capital and one lower-case letter and digit", "must include special symbols !@#$" etc. You can find number of articles saying that 8-character password can be cracked in seconds. However, these calculations do not apply to master passwords! These articles usually refer to SHA-256 and SHA-512 hashing algorithms, that should never be used for master passwords.

The password should be so strong that it would be too expensive to crack it. Would you call a password strong if it would cost billion dollars to crack? The cost of cracking depends a lot on password hashing algorithm chosen.

Spoiler: our low-bound estimate is that to crack KeyReel backup file protected with 12-character randomly generated password which consists of capital letters and digits costs at least 2 trillion US dollars. This is enough for any use!

Digging into details

(Warning: article contains a fair amount of math :)

Length of the password and character set used define how many combinations a cracker would need to try to guess the password. For example, if possible character set includes 26 capital letters, 26 lower case letter and 10 digits, then the character set is 26+26+10=62 characters. The total number of possible combinations for 8-character password is 628=~2.18*1014 or over 218 trillion combinations.

We estimate the total cost of a potential brute-force attack by calculating the number of combinations and estimating dollar amount of a single combination attempt.

KeyReel uses Argon2 hashing algorithm with 6 iterations, 128 MB RAM and 2 parallel threads. It takes ~1 second to run on 2 CPUs of Pixel 2 phone. We have specifically used this phone as a baseline, since it is not too old, not too new. A second spent on password hashing during installation or recovery would not affect user experience.

By our estimates the cost of trying 1 billion combinations is ~$1,700 (see details at the end of the post). Trying 218 trillion combinations would cost 218,000*$1,700=$370,000,000 (or 370 million dollars). And to try all the combinations within 1 year a cracker would need to run on over 28,000 of most powerful AWS compute-optimized instances.

For a comparison, here is a reference table of estimated brute-force cost for various password parameters.

Character set Approx.
Est. Cost
1062 (a-z, A-Z, 0-9)1018220,000,000$1.4 trillions
962 (a-z, A-Z, 0-9)10163,500,000$23 billions
862 (a-z, A-Z, 0-9)101457,600$370 millions
892 (a-z, A-Z, 0-9, !@#$%...)10151,300,000$8 billions
1236 (A-Z, 0-9)10181,250,000,000$8 trillions
1036 (A-Z, 0-9)1015900,000$6 billions
1232 (A-Z without I and O, 2-9)1018300,000,000$2 trillions

For KeyReel Restore Key generator we chose the configuration with 12 characters and 32 combinations each. We decided to avoid ambiguous characters, like digit 0 and letter O, or digit 1 and letter I). Dividing generated sequence into 3 groups, like "3LDB-W4F9-3JHX" makes it easier to read, write or type. It is still too expensive to crack to worry about it in next few decades.

Does using special symbols help?

As you can see from the table above special symbols do not help much. Even if we use an additional set of 30 special symbols available on US layout keyboards, total number of combinations for 8-character passwords is still smaller than for 9-character password that does not include special symbols. The effort of typing special characters on mobile devices is just not worth it.

What about using words and phrases in passwords?

This is quite a large topic on its own and we will cover it in a separate post.

What about other password managers?

There is no single standard and various password managers use different algorithms with various parameters. Nowadays most used algorithms are PBKDF2, Scrypt and Argon2. PBKDF2 is oldest and also the cheapest one to crack due to availability of specialized hardware. Argon2 is a winner of Password Hashing Competition in 2015 and most recommended by the community. You can learn more about various algorithms in this article on Medium

Below is the list of various password mangers and algorithms used. To compare the speed of hashing we ran benchmarks for each algorithm on the same test machine. Slower the hashing, more costly it is to crack it.
  • KeyReel uses Argon2d with 6 iterations, 2 threads, 128MB RAM (~0.8s)
  • Dashlane uses Argon2d by default with 3 iterations, 2 threads, 32 MB RAM (~0.1s)
    • also supports PBKDF2-SHA2 with 200,000 iterations (0.01s)
  • LastPass uses PBKDF2-SHA256 with 100,100 iterations (0.005s)
  • 1Password uses PBKDF2-SHA256 with 100,000 iterations (0.005s)
  • KeePass uses AES-KDF with 60,000 iterations by default - (0.002s)
    • can be configured automatically based on 1-second performance test (needs ~25,000,000 iterations to be secure)
    • also supports Argon2 with configurable parameters. Defaults are 2 iterations, 2 threads, 1MB RAM (0.003s)
Note, that SHA256/AES are much faster/cheaper to run on GPUs or specialized ASIC hardware. Argon2 is resistant to GPUs, which makes it a better choice for hashing passwords.

Estimation of a brute-force attack cost 

As it is mentioned above, KeyReel uses Argon2 password hashing algorithm, which takes ~1 second  when executed on 2 CPU cores in parallel on Pixel 2 or iPhone 7. It would take a bit more on the older phones and a bit less on the last generation of the phones ( up to~30% faster). For the sake of our calculations we will lower the number to 0.4 seconds on a single CPU, to account for advances in hardware and software optimizations.

To estimate the cost, we use a public price of a most powerful compute-optimized instance in AWS called "c5.metal". This instance has 96 vCPU and 190 GB of RAM. And the lowest price you can get it without a special deal with Amazon is $13,000 per year (calculated based on 3-year contract full-upfront price, North Virginia region, Linux OS).

Since we chose 128 MB as a parameter for hashing algorithm, this instance has enough RAM to run 1,900 hashes in parallel. However, there are enough CPU cores to run only 96 hashes in parallel. With one hash taking 0.4 seconds, such host can calculate 96/0.4=240 combinations per second. This is equivalent of 240*60*60*24*365=~7,600,000,000 combinations per year. Therefore, we assume that cost of testing 1 billion combinations is $13,000/7.6=~$1,700

Wednesday, April 29, 2020

New features in KeyReel for Android!

In the past several weeks we have added a number of new features to KeyReel Android (Beta). Here is the short summary.

Search and Icons

The most wanted feature - Search - is now available on Android! With just few taps you can filter out your accounts to ones you need right now.

We have also improved the quality of account icons by advanced site metadata parsing and considerably improved icon load speed for most common sites. 

2FA at your fingertips

Adding a second factor of authentication in addition to the password is a big improvement to your online security. With new release setting up a second factor became even easier. Just click on the account you want to add the second factor to and follow the steps similar to Google Authenticator, Duo Mobile or similar apps.

This way you can track authentication code on the same account as your password and benefit from automatic password and code auto-fill on your paired laptop/desktop.

Generation of Backup password

While KeyReel does not have a master password, strong recovery key is necessary for backups. We have switched our backup password hashing algorithm to a stronger Argon2, which allowed us to minimize the recovery key length. More about it in a separate post.

Root Protection

When phone is rooted, it allows to install apps that have nearly unlimited power of the phone. While it was necessary in the early days of Android, when there was a little amount of apps, it is not used much today. Only few enthusiasts and identity thieves have use root devices. In order to protect our user most sensitive information, we have made a decision to disable KeyReel on rooted devices.

Other changes

  • Improved auto-fill in Android apps
  • Improved Bluetooth connectivity with laptops/desktops
  • Conceal passwords by default and make it configurable in the settings
  • Switched site password strength estimation algorithm to Dropbox zxcvbn library

Monday, April 20, 2020

KeyReel Windows Beta major update

Over the past 4 weeks we have added a number of new features to KeyReel Windows (Beta) version 1.23. Below is what we added.

Configuration Wizard

We have added a step-by-step guide to setup KeyReel. It makes installation of web-browser extensions and phone pairing really fast.

Support for Edge Chromium

Since Edge Moved to Chromium, it supports Chrome Extension Web Store. This allows to install existing KeyReel extension from Chrome store. We have added links to the extension from system tray menu and installation wizard.

Password Generator

 Password generator is available from the system pair menu.

Other Changes and Features

  • Switched UI to use Windows Presentation Framework (WPF). This allowed to bring rich styles to the user interface.
  • Improved stability and robustness of the app. Fixed several bugs causing crashes and added automatic restart in a case of failure.
  • Improvements to Bluetooth connection stability.
  • Removed annoying console windows during installation and upgrade.
  • Switched to Dropbox 'zxcvbn' library to analyze password strength.
  • Enabled anonymous data usage statistics.
  • Fixed new version availability notification (requires one-time manual reinstall).

Tuesday, March 3, 2020

KeyReel Beta for Android and Windows are available now!

We are excited to present two new additions to KeyReel family:

New products include core features, like clipboard sharing and integrated 2FA (similar to Google Authenticator).

Both products are available at Beta tier. What does it mean? UI is not polished and missing a number of features (like search or filtering). And likely has a couple of bugs. 

However, we have not compromised security! On opposite, our Android version is slightly more secure than iOS. One example is that passwords are doubly encrypted and are not stored in Android device memory in decrypted form longer than it is needed for login to an app or a site.

Give it a try and let us know what you like about it and how it can be improved. If you wish to contribute to KeyReel as an official beta tester of Android version, use this link. Or you can always send us feedback using our contact form.

And if you have not yet tried KeyReel before and love your Apple products, try it now!