Idea for Master Password Recovery
Your blog mentions that data accessibility is often neglected as a security feature. So you are hesitant to use 2-factor authentication partly because it increases risks to data accessibility. You also don't have a backdoor (which is good! I might not trust a company with my data if their employees can access my database at will) so users who lose their master passwords have no way of getting their data. I'd like to suggest CloudSafe.com's solution for these problems:
"CloudSafe cannot recover your password. But if you name up to 4 of your verified contacts as password recovery helper we will encrypt your private key with their key. The moment you need to recover your passwords you will need the help of at least two of your password recovery helpers.
They can only decrypt part of your private key - and only when you start the password recovery process."
I think this is an excellent last resort option. It'll help people access their database after losing their password, while still allowing users to trust Agilebits since they're still no backdoor. At the same time, it'll lower the barrier to implementing other features that many power users want, such as 2-factor authentication.
Comments
-
Hi @BiomedEngineer,
This is a very interesting idea. We'll look into it but there's a reason that CloudSafe can do this and that is, they're storing your data in the cloud and have the user accounts system in place, so they know the encryption keys for all four users. We don't do either one, which is why it wouldn't work out too well. We can work around it by using Dropbox but I'm not sure how well it'll work.
I'll ask Jeff for his thoughts and hopefully, he'll share it here as well.
0 -
That is really great @BiomedEnginer
This is an example of "key splitting" which is a really cool thing (and indeed it's one of the things I've been looking at in another context).
I'm going to talk about this in terms of keys, not in terms of Master Passwords. I'm also going to keep the keys in these examples really short, because it will be useful to write these in binary.
Let's suppose the number is 154 in decimal notation, which would be 0b10011010 in binary (and 0x9a in hexadecimal). The "0b" at the beginning says the rest is binary; the "0x" says the rest is hexadecimal.
So we've got a cryptographic key, 0b10011010, lets call it "k".
We want to make sure that we have a backup for it without actually giving the k or even a hint of it to anyone. So what we will do is pick a purely random 8 bit number using cryptographically appropriate random number generator. Lets say you get 61 or 0b00111101. Let's call this "a".
You give a to Alice. a in no way helps Alice figure out your key. It's just a random number. But now we create another number by XORing k and a. This is written "k ⊕ a". XOR is just binary addition with no carrying. 0 ⊕ 0 = 0, 0 ⊕ 1 = 1, 1 ⊕ 0 = 1, and 1 ⊕ 1 = 0.
So in this case a ⊕ k will be 0b10100111, which in decimal is 167. We call that "b" and give it to Bob.
Just like Alice, Bob has no advantage in figuring out what k is based on b.
But XOR has a number of cool properties that make it absolutely central to building cryptographic functions. It is associative, (p ⊕ q) ⊕ r == p ⊕ (q ⊕ r); anything XORed with itself works out to zero, p ⊕ p == 0; and anything XORed with zero is just itself, p ⊕ 0 == p.
So now let's look at what a ⊕ b works out to.
a ⊕ b [where we are starting]
a ⊕ (a ⊕ k) [remember how we made b]
(a ⊕ a) ⊕ k [associative property]
0 ⊕ k [anything XORed with itself is zero]
k [anything XORed with zero is itself]So while neither Alice nor Bob have any information on their own that can help them figure out k, as soon as they get together they can XOR a and b to get k.
Now there are some clever tricks to set this up so that you can get things like three out of any five people can recover the key, and of course people don't deal with keys, they deal with passwords. So there needs to a some complicated software to manage all of that, but that is the essence of key splitting.
The underlying cryptography for key splitting is dead simple. But getting systems usable by humans is much much trickier. So although I really like this idea, I don't really anticipate seeing this in 1Password in the short term. But you never know.
For now however, just do something like put a copy of your Master Password in a safety deposit box.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0