To protect your privacy: email us with billing or account questions instead of posting here.

Secret Key Obfuscation

waki
waki
Community Member

I'm a long term user of 1Password 4 and am looking to upgrade to a subscription as I've bought two new computers: Surface Pro and MacBook Pro and I need to sync the data between them.

I've read your whitepaper and would like some assistance.

I understand that the secret key is there to protect my data in the event that 1Password's servers get breached but I also understand that if I lose the secret key then I'm locked out of my data for good.

I'd like to keep it printed out in a couple of places but I don't want it in plaintext. I know that somebody finding the secret key would also need my master password but I'm a cautious guy.

Obviously the exact scheme I devise will be kept secret but would something like this work?

Example

Secret Key: ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB
Obscured Key: BTYYBE-800LUB-MKXF7-34FE5-97UXP-I55GE

I've removed the "A3" prefix because that'd allow somebody to more easily break the code.

Each letter is a shift upwards using 11,22,33 as the key or 11,22,3 (in a five character group).

As the secret key is random would this type of substitution withstand cryptanalysis?
(I realise if the secret key were a dictionary word then it could be easily broken by looking at vowel patterns and letter frequency)

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @waki! Welcome to the forum!

    We normally recommend you print your Emergency Kit and store it in a safe place. If you do that, there is no need to use obfuscation techniques for your Secret Key. If you still prefer not to download your Emergency Kit, you can certainly not do that, and just keep your Secret Key stored inside the 1Password apps.

    Once you add your 1Password account to your 1Password app, you will always be able to retrieve your Secret Key from there as long as you remember your Master Password. This tutorial shows you how to find your Secret Key in the app.

    So in summary, as long as you remember your Master Password and have 1Password already configured on one of your devices, there will be no need to obfuscate your information at all.

    I hope this helps!

This discussion has been closed.