Found some files on my hard drive potentially related to 1Password
I found a folder named "default" on my hard drive that I hesitate to blow away because it might have something to do with 1Password. I conclude that from some of the content, which is not intended to be user-friendly. Much binary and encoded text.
So I am wondering if anyone could shed any light on the contents described here.
- There are 141 items in the folder named "default"
- Most of the files have names like "0F9258934E4745A69D2BB8C4AD4F2920_A0C7D41C5A0349C89CEBB1A8FD7C9480.attachment"
- The content of those files starts out with something like "OPCLDATÅ`5{"txTimestamp":1500337951,"uuid":"A0C7D41C5A0349C89CEBB1A8FD7C9480","itemUUID":"0F9258934E4745A69D2BB8C4AD4F2920","updatedAt":1465397357,"createdAt":1465397357,"overview":"b3BkYXRhMDE3AAAAAAAAAPqifFw6YJieDxv7Ei5QhXiQ+Zx2VhbP5QHtjJBNVGCTDT+lkIJUbXPyswg\/cYAqfFbjh9krt5LztenO+U17PcWlOMHz62FJ0AhjLftCW0j9Ay+eTNus61TY6gHMytT5gZTr+NYkw+2H+KUgSLnaeFU=","contentsSize":146354,"external":true}opdata"
- After that readable intro, the rest of the file is binary.
- About 16 files have names like "band_0.js"
- The into of such files have content like "d({"05E872A99A0D4684B12E73DCFF8CE3AA":{"category":"100","updated":1471302198,"k":"E1SJGkstZjIIWRRCNar4BgfoLbngCvA0xG5\/D4TKGgTRdZlEv6BogHW6LMr22l7MErT\/K350QwAGq2RUzDnPiA4admQYABbuvqXOXlxETzPpAgBsSfrOKNL3grJ7\/hnRu+cym5fOdV8S6BmD4Q1ALg==","tx":1579554724,"hmac":"\/giwO92mlMRTG87ZNW7e4QEl0rIFjV8zso0MN8H2iLg=","uuid":"05E872A99A0D4684B12E73DCFF8CE3AA",
- The rest of the "js" files looks like UUEncoded data.
- There are two more files named folders.js and profile.js.
- Folders.js starts out with "loadFolders({"09B3ABE3F34E4A34BCFCC336F75D84FC":{"uuid":"09B3ABE3F34E4A34BCFCC336F75D84FC","updated":1439340820,"overview":"b3BkYXRhMDEQAAAAAAAAAC3NQJ9d7KkiZwTCEp0ZchfjJ5eAF6HC6V7RUfObWvp\/8e6VWcL+WCFc9e35AdScob2DU2nr8iQ22gGfB9t7enONjDrLLd2LEMetp1EVyNUe","created":0,"tx":1500337949},"4C85AAD89759486CB8DBD4FF50FFEA10":{"uuid":"4C85AAD89759486CB8DBD4FF50FFEA10","updated":1277566421,"smart":true,"overview":"b3BkYXRhMDExCQAAAAAAAHzx9LnK8Kusp21Oe3RGi37Nv9xE6ubVL\/oHIxgnxZz2tHy"
- Profile.js starts out with "var profile={"uuid":"08F7DE3206A6449FBC76DE59C1764560","updatedAt":1448331482,"passwordHint":"","masterKey":"b3BkYXRhMDEAAQAAAAAAAMqretueUcN68wZofeV5\/1zQxCkmzaFn6p9xPGL+zDSSuNv+zrsJyX\/qNqKGwJi47tdnQAZu\/vIqhoFVnWuINkMIz1VMxwRJ9zQAerSq7yBAIUoCqRt0ZFVeC"
The reason why I am asking in the 1P forum is that some of the content appears to be related to a program like 1P because is has masterKey and passwordHint in the text. However, I understand that these are not very strong correlations to your product, and may have nothing to do with it.
Can you shed any light on this issue?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Ok, good to know. However, I don't know why it was found in a folder named "default" outside of my keychain file on a backup disk. My vault is a macOS package file named 1Password.opvault stored in Dropbox.
My best guess would be that somehow the package file got opened and I saw the "default" folder, without realizing it was from the 1P package and thought "I better make a copy of this", which I did. So I ended up with this extra copy of the default folder. All the files are dated 24-Jan-2020, so it is an old copy.
I am thinking there is no reason to retain this extra copy. The 1Password.opvault is kept in my Dropbox and synced from there. I have some other backups of it, and the extra one from months ago serves no purpose.
Do you agree with this thinking?
0 -
I do agree with that line of thinking, yes. :)
Ben
0 -
I believe we should close this topic.
0 -
We generally don't close threads until they've been inactive for 6 months, at which point they are automatically closed in bulk. But if you'd prefer we close it, since you started it, we can do that. :)
Ben
0
