1password.com UUID format?
The documentation for OPVault claims that:
each item is associated with a universally unique identifier, the UUID. These are 128-bit numbers that are chosen as RFC 4122 Version 4 UUIDs
and that 1Password uses OPVault in CloudKit records:
The OPVault security design is not limited to the OPVault file format. Indeed, we use the OPVault design within SQLite data records and CloudKit records.
The 1Password UUID format doesn't quite look like an RFC 4122 UUID. They're a bunch of 26-character strings, but I can't quite seem to translate them to a proper UUID.
Example UUIDs:
5uwcdh3rgdhkrbdwkkwblqz2oa
q5hwvjwcemhaw2pqn2feid72ly
It fits the base32 alphabet of RFC 4648, but yields malformed UUIDs when padded out.
Are these actually RFC 4122 UUIDs? If so, what encoding scheme are they using here?
More to the point, I'm wondering if the UUIDs leak any information. The docs for 1Password's OPVault UUIDs claim that
Because each UUID is chosen at random, it contains no information about the content of an item. These UUIDs reveal no information about the creator's system other than the fact that they are RFC 4122 Version 4 UUIDs. When a user modified information in an item the UUID remains the same, although the time stamp associated with it will change.
but I'm not sure this is still true of the new (?) format.
1Password Version: 7.2.5
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: 1password.com
Comments
-
Actually, an update -- the UUIDs for items generated manually are, in fact, base-32 encoded RFC 4122 UUIDs.
It's only items/vaults generated via the op CLI that have malformed UUIDs.
-
On op version 0.5.5:
Items and vaults added with the op CLI have UUIDs that don't match the RFC 4122 format.
Example UUIDs generated by the CLI:
5uwcdh3rgdhkrbdwkkwblqz2oa
q5hwvjwcemhaw2pqn2feid72ly
Valid UUID versions are 1 through 5, meaningful only when the variant is RFC_4122.
But for IDs generated by the desktop client:
-
Also possibly of note - conducting the same analysis on my personal and work vaults, I can see that almost everything (since most things were made via browsers or the UI) are valid UUID4s… but all the auto-provisioned "welcome kit" examples are invalid. I don't know if this automation is driven by the same CLI tool, but I'm guessing not, since my account predates the availability of op.
-
Hrmmmm....
The documentation you quote is for OPVault which is different from what we do for 1Password.com vault items. But regardless I think you may have found a difference in how our different apps generate the new style UUID.
The welcome kit items are generated by the web app which does not share uuid code with the CLI.
We’ll need to look into this.
Rick
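The check discussed in this thread, as an added example that is not part of the original posts and is not 1Password's code. It assumes the 26-character IDs are the 16 UUID bytes in lowercase RFC 4648 base32 with the "=" padding stripped, then reads the variant bits and the version nibble; SAMPLE_V4 is a constructed value and the function names are hypothetical.

```python
import base64
import uuid

# The two CLI-generated IDs quoted in the thread.
CLI_IDS = ["5uwcdh3rgdhkrbdwkkwblqz2oa", "q5hwvjwcemhaw2pqn2feid72ly"]
# Constructed sample: an arbitrary well-formed version 4 UUID, not from the thread.
SAMPLE_V4 = uuid.UUID("123e4567-e89b-42d3-a456-426614174000")


def encode_item_id(u: uuid.UUID) -> str:
    """16 UUID bytes -> 26 lowercase base32 characters with '=' padding removed."""
    return base64.b32encode(u.bytes).decode("ascii").rstrip("=").lower()


def decode_item_id(item_id: str) -> uuid.UUID:
    """Inverse of encode_item_id; raises ValueError on anything non-canonical."""
    if len(item_id) != 26:
        raise ValueError("expected 26 base32 characters")
    # 26 characters carry 130 bits; RFC 4648 pads a 16-byte value with six '='.
    raw = base64.b32decode(item_id.upper() + "======")
    u = uuid.UUID(bytes=raw)
    # The last character holds two spare bits; they must be zero to round-trip.
    if encode_item_id(u) != item_id.lower():
        raise ValueError("non-zero spare bits: not a canonical encoding")
    return u


def classify(item_id: str) -> dict:
    """Report the RFC 4122 variant and the version nibble (high half of byte 6)."""
    u = decode_item_id(item_id)
    nibble = u.bytes[6] >> 4
    return {
        "uuid": str(u),
        "variant": u.variant,
        "version_nibble": nibble,
        "is_rfc4122_v4": u.variant == uuid.RFC_4122 and nibble == 4,
    }


if __name__ == "__main__":
    for item_id in CLI_IDS + [encode_item_id(SAMPLE_V4)]:
        print(item_id, classify(item_id))
```

A version nibble other than 4 only shows that the ID does not carry the RFC 4122 version 4 marker; it says nothing by itself about how the remaining bytes were generated.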