As hardware has become faster, the cost of a brute-force attack on an encrypted safe has fallen. To counter this risk, SamuraiSafe now:

  • ensures your safe password is strong (by setting a minimum standard for safe passwords),
  • can use a stronger algorithm to generate the encryption key:
    • PBKDF2 runs 50 times more iterations1,
    • a safe specific salt is added (further complicating decryption).

Enhanced encryption is a new option in SamuraiSafe settings. Currently the default is off.

The safe password needs to be updated for enhanced encryption to be enabled.

The safe version will be indicated on the password history panel:

  • V1: original safe format
  • V2: adds password history, autofill customisation
  • V2E: adds enhanced encryption key

Note that safes with enhanced encryption won’t be recognised by old versions of SamuraiSafe (i.e. older than V1.5.16 on macOS and V1.6.29 on iOS). They will fail to open with an incorrect password message. So ensure all your copies of SamuraiSafe are up to date prior to enabling this feature.

If Enhanced Encryption is disabled, new safes will have standard (V2) encryption, and changing the safe password downgrades the safe to standard (V2) encryption.

  1. iPhone 6s: ~224ms, iPhone 14: ~58ms.