1Password vs Keepass: Point-by-Point Comparison
Hey Agilebits, I just recommended 1Password to some friends and I know that at least one purchased your Win+Mac bundle. They are security conscious people and have always recommended Keepass (Win) and KeepassX (Mac). I'd just like to see how 1P compares to Keepass on the following factors, both to know for myself and to address questions if they come up. I've read much of your blog where you emphasize how strong your encryption is and how you've implemented features that slow down password crackers' attempts. I'm not sure if you've talked about the other features below though.
Taken from http://keepass.info/features.html & http://keepass.info/help/base/security.html, how does 1P compare?
1) SHA-256 is used as password hash. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
2) Protection against dictionary and guessing attacks: by transforming the final master key very often, dictionary and guessing attacks can be made harder.
3) In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this wouldn't reveal your passwords anyway. This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.
4) Security-Enhanced Password Edit Controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.
Thanks!
Comments
-
Hi @BiomedEngineer,
Those are great questions, I've asked Jeff, our Chief Defender Against the Dark Arts, to come in and answer your questions as soon as he can. He's the author of many of the awesome security blog articles and I know he'll like to answer your questions for a future blog article.
Thanks for waiting.
0 -
Hello again @BiomedEngineer,
We really really try not to get drawn into saying anything about our competitors, so I'll try to keep my comments specifically about 1Password except to note that different systems have different sorts of designs that make some features and questions moot, making some point-by-point comparisons tricky.
For example, because 1Password has browser integration, it means that copy and pasting of passwords is not something people routinely do when using 1Password. As such, it means that we don't have the same worries about the insecurity of the copy/paste mechanism. On the other hand, a product that doesn't have browser integration has to jump through enormous hoops to try to protect that sort of information.
OK, but now down to business.
1. What hash algorithm.
SHA-256 is used as password hash. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256
The short answer is that in the Agile Keychain format we use SHA1, and in its successor, the Cloud Keychain format, we use SHA2 (both 256 and 512) in various places.
The particular limitations of SHA1 are such they don't affect how it is used in 1Password, but the general rule is that once problems are found in an algorithm, we should anticipate that those problems will grow. So while nobody designing a system today should use SHA1, there is nothing wrong with older systems unless they are depending on very specific things about SHA1.
There is a great lesson on this in the history of MD5 (SHA1's predecessor). I've included some of that in an article, Flames and Collisions which steps through the real damage that can be done when the wrong hashing system is used.
Defense against Master Password cracking
Protection against dictionary and guessing attacks
I don't know if we were the first to bring something like PBKDF2 to a password management system, but this is something that we introduced back with the Agile Keychain Format and have continued to develop. You might want to read about how well 1Password Master Passwords hold up against tools like John the Ripper.
Keeping things encrypted in memory.
In-Memory Passwords Protection: Your passwords are encrypted while [the application] is running
This has always been and remains a core design principle of 1Password. The contents of an item are only decrypted when you are specifically using it (editing, viewing, or filling a webpage with it). Once its out of your sight, it's out of 1Password's mind.
This is a feature that is often overlooked by people who try to "roll their own" systems, but it certainly isn't something that we've overlooked.
Secure Edit Controls
Security-Enhanced Password Edit Controls
This is specific to Windows only, as the Secure Input modes on OS X automatically take care of this for us on Mac and iOS.
We've recently made improvements to this on Windows, but there is more work to do here to make this more secure. Again, because 1Password integrates with the browser instead of relying on frequent copy/paste, this isn't as large of an issue for 1Password as it might be for others. None-the-less, that isn't an excuse to look at how to further beef up these sorts of protections in 1Password for Windows.
Anyway, this has told me that I really need to do a better of job of making sure that it is easier to find the kinds of things in our documentation!
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Thank you for the input Jeff and Mike. I was wondering with Secure Input on the Mac, is this why I'm not able to use TextExpander in a web password field? If so, how is 1P able to know what password I'm inputting when I click the + icon in the browser extension?
0 -
I was wondering with Secure Input on the Mac, is this why I'm not able to use TextExpander in a web password field?
Yep.
If so, how is 1P able to know what password I'm inputting when I click the + icon in the browser extension?
1Password doesn't watch your keystrokes like a keylogger. (On a technical level, that is essentially what TextExpander is: a benevolent keylogger.) The data is available in the DOM.
0 -
I'm switching away from 1password now, so I think your friends will regret going in the other direction.
They claim to have such great security, but when I opened up one of the supposedly encrypted files in notepad (try it for yourself) all the record titles were visible in clear text. I asked about this and was told that they use the mac keychain and it only encrypts the value not the keys. Wouldn't someone concerned about security not want people to know which banks you have accounts in and what things you have all saved in here? The security of this app doesn't seem that good to me.
And security is just one aspect of the app. Usability is another. I just spent an entire day running into various errors on the mac and iphone versions of both latest versions of 3 and version 4 of the apps on IOS and lion.
If you primarily use the iphone app, as I do, it is incredibly painful to export your data, which is essentially held hostage in this proprietary format. I have used 1password for years and have thousands of records, and there is no way to export them that works. You have to sync with a 1password mac or pc version, there is no way to export directly from the app, and the wifi sync only works in certain network environments, and Dropbox syncing is fraught with bugs.
If you value your time, and time is money, you are better off entering your passwords in excel and encrypting that file using PGP. Simpler, you have control over your data, and there are no problems syncing. Dropbox does all the syncing for you, you just save a file to the dropbox and it syncs on it's own.
I wasted an entire day just messing around with this software to upgrade from one release to another.
All I can tell you is this option has a lot of limitations and the software is pretty buggy, just read the kinds of things people are having trouble with in the forums. It's basic, essential features like being able to access your data.
But go ahead and try it out for yourself. After some experience with it you might realize, as I did, that it is not worth the effort to take this approach. I am not saying keypass or other options out there are any better, the designers in this field seem to universally lack common sense about usability or security.
But if you care about security, there is more.. this app phones home. Who knows what it's doing - you need to trust what the company tells you on that one, but if you install a network sniffer and check for yourself you'll see this app communicates outside your network, which for an app like this, I feel it has no good reason to be doing.
Over the years I noticed a number of significant flaws like this, so my impression of this company is that they have nice looking marketing and they comment everywhere on the internet about the security, but it doesn't look all that good to me. I'll admit, I have not tested their cypto, which I heard claims someone did and it was ok. I am just skeptical they did a good job with this because I noticed many things that are just a blatantly bad idea that they do, like communicating out to the internet, cleartext titles, etc.
Also, I can't help but think to myself, if software is this buggy, how good can it's security possibly be?
0 -
P.S. I have been researching what else I can use and the new thing I decided to try out which I found is called SafeMonk. Check it out, it's pretty cool.
It's not at all intended to be a competitor to 1password, it is just encryption software made to work with dropbox, it can encrypt any kind of file, so you can just have your passwords in an excel spreadsheet and save them in that folder and it will take care of the rest for you.
This way you don't need to trust dropbox either. I have been knocking 1password here a lot so to be fair I'll point out that 1passwords security is awesome compared to that of dropbox.
Dropbox has security so awful that recently (this October) a researcher discovered that a version of dropbox had a coding bug that when they reverse engineered the client they found everyone's accounts were left completely open to an exploit that allowed anyone to access all anyone else's data, and it wasnt fixed until hours after he reported it. On the open internet. But the bigger issue is this happens all the time, and they have been having problems for a long time, and it's still the same old story. Check out these exploits from a year ago for example:
http://www.networkworld.com/news/2011/081711-dropbox-249830.htmlSo, dropbox security is a joke, and I hope no one interprets my comments and complaints above as supporting doing nothing and just saving a text file with your passwords on dropbox, because that is NOT what I meant. 1password is much better than that (but far less convenient).
0 -
Hi @Gaffe,
You raise lots of important issues, although most of them have been addressed before, so please forgive me if I direct you to other discussions, so that we can consolidate discussion of a single topic in one place.
Some sensitive data not encrypted
It's not at all your fault, but I do sigh like a bowl of petunias when yet another person "discovers" that Titles and Locations are not encrypted in the Agile Keychain format. You have "discovered" something that has been documented and discussed from the beginning.
I would like to direct you to the long running discussion thread on this where we are trying to consolidate the discussion. It has links to the documentation and lots of open discussion.
I should also point out that the successor to the Agile Keychain Format does encrypted Title and Location (and much more).
Export from iOS
it is incredibly painful to export your data, which is essentially held hostage in this proprietary format.
Your data is yours, and we don't ever want you to feel locked in. But
it is true that there is no direct export from iOS. A lot of this has
to do with iOS sandboxing and where such an export could be written to.So in practice the way to export is to sync the data with Dropbox or
iCloud. From there you can either use 1Password on a desktop (including
a free trial download) to export, or you can use a third party tool.Let me emphasize that one of the reasons that we have documented our
data format is to prevent lock-in. This is discussed in "You have secrets; we don't".Rolling your own
If you value your time, and time is money, you are better off entering your passwords in excel and encrypting that file using PGP.
This, by the way, is what I did prior to switching 1Password (though
not Excel). But there are a number of things to keep in
mind if you attempt that, which people often don't think about: Automatically saved files, amount of data
decrypted at once, key derivation (for example, PGP using just 2000
rounds of PBKDF2), etc.Trusting Dropbox
1Password encrypts your data, so the extent to which you need to "trust" Dropbox is limited. Of course at the moment, Dropbox synching is limited to the Agile Keychain format, so we cycle back to the fact that it does expose sensitive information.
In general, we designed 1Password with the expectation that some people would have their data stolen, whether it is from having their computers stolen or whether from some sync service. 1Password provides end-to-end encryption. The data is encrypted with (keys derived from) your Master Password. Nobody can decrypt without your Master Password.
I do think that you've mischaracterized some of the Dropbox security bugs, but we should work under the assumption that any sync service will be vulnerable to authentication breaches, whether from the outside or from the inside (eg, PRISM). This is why we use end-to-end encryption.
I'm fairly sure that I haven't persuaded you that 1Password is the right choice for you, but I do hope that I've clarified the major points that you raised.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Thanks for engaging in the discussion, I appreciate you sharing your thoughts.
I was pretty upset at the time I wrote all that and so I was perhaps overly negative. So first let me first say sorry about that and I appreciate that you guys did take the time respond to all my support requests.
For the record, I was (eventually) able to get all my data, and your customer service deserves high marks. Also, despite my frustrations, I have gone back to using the new version of your app after all (for lack of a better solution).
About #2, I am sorry but I think everything you said there is exceptionally misleading, here is why:
1. You said to export via dropbox or wifi sync (and there is also a third method backup via web interface). I tried them all and each have a variety of problems:- IOS 1password Pro version 3.7.2 which I entered all my data into, has an error exporting to dropbox and fails silently, leaving users to discover, as I did, that the version of their passwords stored on dropbox were very out of date. The reason for the error seems to be a change in the dropbox API, so this is something that can happen again in the future in new versions of 1Password as well.
- The backup file created from the IOS save backup method gives you a file in a strange encrypted format which no desktop version of 1password can open, and does not seem to be in the open data format you are talking about (correct me if I am wrong here, I didn't verify this in detail).
- Wifi sync is how I eventually got it to work - but you can only sync with the old software version that corresponds to the IOS version you are running, and it requires a wifi network with IGMP enabled and connections allowed from the wireless public side to the wired side of their network where people have their computers running 1password (and this does not work properly by default due to bugs in my Verizon provided FIOS router).
I also (fruitlessly) tried a "sync" tool you have that claims to be able to sync IOS via USB - but this does not in fact sync, but rather copies only one way - from the computer to the IOS device.
So as you can tell by the size of this response, it takes quite a while to even figure out how to do all this, and downloading and install various versions of your software are reconfiguring your network, before you can even get the data into ONE version, then having to export and reimport it, is not what I think anyone would call an easy upgrade process.
By the way, when you install the IOS app, there is yet another bug where in the old version of your app it puts in a popup that asks you if you want to import into the newer version, but when you say yes, it does nothing. Every time I open my app it continues to do this, and every time I hit upgrade it does nothing.
It also bears mentioning that if, like most people, you installed 1password trial already and it now expired, and you don't have access to another desktop, you are S.O.L. with all these methods until support replies to you and grants you a temporary key (which your website says they will do if you ask because you guys are nice). I was locked in yesterday until I paid you to buy the new version of your software so I could get my data. I bought the new IOS app because it advertised you could upgrade from the previous one, but that feature doesn't work.
Your suggestion that your data is yours and you can get to it easily is was not my experience yesterday with your product at all. In fact without being able to downloading the desktop app or get a key from your company, you cannot get your data from the IOS version at all via any of these methods. So, this #2 you wrote kind of upsets be a bit all over again so my next points might not be as polite, sorry about that...
- There is no good technical reason why you cannot export from IOS, other apps do it all the time. The IOS sandboxing you bring up is a red herring, you can still cut and paste text out, email it, or any number of other approaches that other apps use to export data, such as directly exporting files through itunes sync, etc.
About #1, the argument you make sounds awfully like "you were not the first one to discover this flaw and that's how Apple chooses to do things with the keychain so somehow that makes it ok for us to store some of your data in the clear". Wow that is some awesome marketing spin but doesn't fly with us real software developers. No matter what you say about it, it's not ok to store data people enter into your app after they have entered a password in the clear, which suggests to them it will be protected. Your a password app. People except that what they type in will be encrypted. All, not just some of it. Period. You can't make excuses for it, just fix it unless you want to keep hearing about that forever from other people just like me because some of us think that is pretty ridiculous.
Anyway I wish you luck and lots of future improvements.
You guys will do alright, but try to spend more effort on fixing bugs and you'll save yourself a lot of marketing and support. Anyway, to summarize everything for you my entire post boils down to "Not having a way to export to text from your IOS app a huge pain for your users". Knowing you guys you probably read all that and came away with "software developer sticks with us for years because our app is the best password solution out there"! That's one way to look at it, I guess.
0 -
P.S. Since you don't seem to think dropbox security is that bad, you may want to read what other people have to say about it:
http://www.engadget.com/2012/08/01/dropbox-confirms-security-breach-new-measures/ http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/
http://www.businessinsider.com/researchers-prove-dropbox-can-be-hacked-2013-8Dropbox's response to that last most recent article is the most disturbing. Those guys bypassed many levels of dropbox security and their response was dismissive as 'well you had to have access to a clients computer to do that'. They managed to reverse engineer your source code! One client is enough! Now with that knowledge people can exploit other clients. That's still bad.
0 -
All of what you said are fair points.
I'm not sure what happened with your transition from 1Password 3 to 1Password on iOS that resulted in (near) data loss. You, and anyone, would be absolutely correct to very very angry about that. Data availability is as an important part of data security as data secrecy and data integrity.
I wasn't trying to be misleading or evasive in my comments about export. I had genuinely misunderstood what your concern was. My response I was focusing on "proprietary" with the threat of lock-in, and so I was pretty much answering the wrong question. To answer the right question: Yes, we need to do a better job to ensure that iOS-only users don't lose data.
You are also right that we will and should keep hearing about the unencrypted data in the Agile Keychain Format until we've got everyone moved migrated to the new one. I do wish that when various bloggers make this discovery they would at least take a few minutes to see if it's been noted before and what we've said about; but that doesn't apply to you. But it was wrong of me to take out my frustration with them on you.
I really appreciate what you've said about the support you've received in trying to get the data successfully moved over. Please continue to criticize and keep an eye on what we do and say.
I should probably start a new discussion thread for this, but I need to head out the door now, so let's do it here:
What would you like to see data export from iOS look like?
Cheers, -j
0 -
Practically, if you just tweak the wifi export backup feature you already have in IOS to export to a 1password interchange format or CSV and that would do the trick (instead of whatever it is exporting to now which not even 1password desktop or other versions of 1password seem to want to import from).
Ideally, if you want to be more serious about security, and if this is practical, have both the IOS app and the desktop still use the same format but have that format not be in the clear - always export to an encrypted backup file format, like a CSV inside an encrypted DMG for example.
Now look, I understand you probably chose the overcomplicated keychain format to store records by default for a reason, it may very well have a more secure encryption implementation, but still when you export to CSV or 1pif or something whose purpose is to be easily accessible and open as you say you want to be - some security is still better than no security (which is currently the default). Encrypting those formats you already use with any opensource or freely available tools built into the OS or even something like the new zip encryption which people can freely download software that will open that easily, I think would enhance security and that would be ideal, if you ask me.
But whatever, like I said I would have been happy even with just the normal CSV export (when I say CSV I mean or tab delimited or whatever you want, as long as you escape characters properly in whatever format you use so that when there are thousands of records and some records contain tabs or commas that can open correctly in excel or some software that supports those standards correctly). You could use XML even, or JSON, any normal, standard, open format and people probably won't complain.
0 -
I found this project:
https://github.com/mstarke/MacPass
MacPass is a KeePass version that is made for Mac. I will keep using 1Password, but it's good to know there are Mac-focused alternatives in case AgileBits disappears.
It looks very standard OS X:
0