But is it secure?
Comments
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Warning No formatter is installed for the format ipb0
-
Hi J (and any other AB moderator),
I am posting because I would like to ask for an update regarding when we customers can use 1P, completely and securely, as it is intended. To do that, we need to be able to use the v4 new Cloud Keychain format. Thank you J for the detailed information.
I am not trying to inflame, but when I refer to using 1P completely and security - I mean just that. A specific example is, when I learned of this design decision (imo, a flaw) in late 2010, I immediately ceased using the location field for anything other than sites I could not care less about someone knowing I visit. I also stopped using the Title as one normally would; for example instead of MyRealBankName, I might title it Bank1 and then remember which one that might be (after all I could have more than 1). I probably do not need to go into the why, but in short - if a person knows the name of all of your banks, places you shop, social sites you use and so on, they do not need to try to crack 1Passwords encrypted password. They know all of the places you use and the locations. It makes social engineering much much easier and also enables someone to see you use a known insecure site to then focus their attention on that one knowing they can compromise it, perhaps get a credit card number which can then be used to cause havoc like the whole Amazon/ Apple fiasco.
In Dec 2010, I hopped into a discussion on GetSatisfaction regarding partial encryption. At the time, there was a dismissive nature about it. But the topic picked up steam from customers and would be customers. In Jan 2011 AB (and I think it was you J) indicated the data format would change and that it was needed particularly since the Cloud aspect changed the vectors. The discussion also moved over to the AB forum of the time.
In an April 2011 blog post (but there were more forum discussions leading up to the post), it was first openly shared the format would be changing to "have even more of your data fully encrypted, with the remainder well obfuscated." as well as the increased number of iterations (which has occurred). Other "under the hat" options were referenced.
Why am I bringing this up? The main reason is - I want to fully use 1Password securely and I think customers deserve that too. Most people do not drill into encryption or even think about attack vector scenarios. They simply trust AgileBits. That trust is partially why I felt compelled to post this today. When looking to see if there were updates regarding Cloud Keychain support, I saw this reply from MikeT to a potential customer "Before purchasing I have a few questions" . There were many questions/ answers but here is one that makes my point.
Question:
- Can i make a backup of all my data on local PC in simple format, where i can read my passwords ? Is our data secure on your website ? Please let me know detailed answer before I make purchase. Are all my website passwords stored in same plain text on your servers ?
Answer:
None of your private data, especially username/password are stored in clear view anywhere. It's all encrypted with AES encryption among other security features. You can find out more by reading our keychain design document.
Your backups are also encrypted with the same encryption. You can choose to export your data via text format (CSV) or 1Password Interchange File, which is the decrypted output of your 1Password data and can be imported in other tools if they support it.
In addition, your 1Password data is always stored on your computers locally, we do not store or host your data anywhere. You may choose to sync your data with Dropbox, which then would place a copy of the encrypted data file on Dropbox's servers.
I am not trying to pick on MikeT but that is clearly not an accurate answer; there is not even a way that it could be without Cloud Keychain format (which this is not since it is referring to a local computer etc). Sure, MikeT gives him the link to read more about the Agile Keychain - but how many will just trust "None of your private data, especially username/password are stored in clear view anywhere." That is just not true. Some people use title to store things like some number like a credit card number or employee badge number, and then the username and password for pin and second question. Regardless, title, location etc is private data.
So what do I want and why am I bringing all of this up. Again, for the reasons cited above and ultimately want at least an estimate for when we customers can expect Cloud Keychain support on not just iOS, but Windows and OSX? I have seen some moderators/ admins write pretty soon and things like that - that is not what we deserve. Give us real information. If there is a beta available - let me/ us know. I would be willing to risk breakage and report any issues. I have licenses for 1P for iOS, OSX and Windows. I am happy to be a guinea pig.
I personally have been waiting for over 2 years and it has been publicly promised for nearly 2 years. Support for v3 software was stated as well, which means there should be no reason it is not already available for all existing customers. Give us the option to choose the data format or to upgrade the existing.
In the same way we customers deserve to know a timeframe, especially after being promised this in 2011, we also deserve answers that can be trusted (so do potential customers). The response by MikeT is one of many where the easy response is that everything is encrypted when that is just not accurate at this time. I wish it were.
Given the effort to link and reference, cite discussion timelines and overall the issue with Agile Keychain - I hope it is clear that I am not trolling or bashing 1Password for sport. I have much better ways to spend my time.
I love the promise of 1Password, the design and cross platform potential. Unfortunately, that promise is flawed. Two plus years ago I was excited to see that AgileBits respond to concern expressed by customers. But after two years+ we get an iOS app (that was a paid upgrade lets not forget) but no timeline or even goal about when the Cloud Keychain can be used across platforms.
If an answer about when we can expect Cloud Keychain compatible OSX and Windows releases (even in beta form for those that choose), it pains me to say that it appears the promise of the new data format, v3 support and all the coming soon (some of which was well over a year ago) was nothing more than a means of stringing us customers along, and even more disturbing, perhaps using it to milk us for the v4 iOS upgrade. A timeline or goal date, without a cutesy pretty soon, soon, coming soon, not long now - would go a long way. Right now, those responses could mean a year+ still.
Regards,
Ben0 -
Hi Ben,
I remember those discussions back in the GetSatisfaction days! You've asked about a lot of things here, so forgive me if I only address a few of them.
The short answer is that I can't make any promises about when the Cloud Keychain format will be rolled out to other platforms, but it is something we are working on intensively.
At the moment, as you know, it is iOS only and so we've taken advantage of avoiding confusion by limiting that to iCloud syncing, but the Cloud Keychain format will be rolled out to other platforms.
As you note, the wait for the Cloud Keychain format has been a long wait. This is one of the reasons why we never make promises about when things will be released. It's also part of why we very rarely announce features before they are delivered. Our promise back in 2011 about a new data format was a rare exception.
At the time of the April 2011 blog post we still didn't know if we could manage to encrypt everything or whether some data would just need to be well obfuscated. Roustem had a cool idea, but we weren't sure it would work. Happily it did and we are able to actually able to fully encrypt the Location data as well. We knew what we wanted to do, but were reluctant to promise things until we were certain that we could deliver it. That's why the "or obfuscated" hedging is in that old blog post.
The trick, by the way, is the separation of an item overview from the full item details. This allows us to decrypt part of every item as soon as the Master Password is provided. This way items can be looked up quickly without us having to have massive amounts of data decrypted. We had to experiment to see whether this was computationally practical on the devices that 1Password runs on. We really don't want launching 1Password to drain your iPhone battery.
I suspect that we've already pointed you to the document that explained why we didn't encrypt Title and Location when we first designed the Agile Keychain Format.
http://help.agilebits.com/1Password3/cloud_storage_security.html
Anyway, there are other reasons why it took more than a year to go from that particular public promise to where we are now (new format only available on iOS). One was learning the importance of authenticated encryption, another is that we needed to change the ways that the browser extensions interact with the 1Password data files. So the complete rebuild of the browser extensions that was rolled out in the Summer of 2011 was part of the data format redesign.
And as I said here, we don't promise a time line. What I can tell you is that a version of 1Password for Mac which handles the Cloud Keychain format is being very actively worked on. Windows is also being worked on, but not with the intensity of focus that we see on the Mac at this point. So while no time line, it is very likely that a Mac version with Cloud Keychain Support will precede a Windows version.
It's hard to word our brief description of Agile Keychain security. A brief one-liner will often say "your secrets are well encrypted", but one has to read further to see exactly what is meant by "your secrets". I don't have the words to express how happy I will be on that day when everyone is using the Cloud Keychain format and the confusion about that will go away.
Again, no promises about timing, but we are in a nice position now.
- The format is done
- It's been getting positive comments by the cryptographic community at large (instead of just the ones we consulted privately before release)
- We see that it works, and have been tuning things about syncing operations.
- We've got code that supports it.
So yes, you still have to wait before the Cloud Keychain format will replace the agilekeychain format, but we are much further down that road. And now you see exactly what it is that you are waiting for, although I don't know if that makes the wait easier or harder.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0