AgileKeychain design: what's encrypted and what's not?
Hi,
I was very shocked when I opened my agilekeychain via show package contents, just to see that some files store plain text keychain titles. It seems like only the passwords themselves are encrypted, but not the complete set of data, which lets thieves reproduce the entire list of say accounts I have stored, just not the passwords themselves. I really trusted 1Password to encrypt EVERYTHING and that the keychain simply offers NO information without possession of the master password. Agile Bits, what is happening there?
Regards
Comments
-
I believe you should read this :)
http://help.agilebits.com/1Password3/agile_keychain_design.html
A new keychain format is coming:
http://learn.agilebits.com/1Password4/Security/keychain-design.html
0 -
Well that is way too technical and the details I am looking for are not obvious. I read that they keep much unencrypted but what in detail? And why? There are so many security concerns about this without even being an expert for IT security that I can't believe how nobody pointed that out so far. Why are keychain items' names unencrypted? There is no possible reason for this other than bug or security flaw. And if it is necessary for a browser extension then warn users to activate this feature and offer an alternative for full encryption. I don't mind if an update timestamp is in plain text but an item's name? What do you mean by a new format is coming, I didn't read anything about that in the URLs you posted. The latest version of 1Password, 4, how can it not incorporate the latest keychain format while presenting a complete overhaul to the user? I really like 1Password for its features and integration but as I said, can't believe that there is anything in plain text that concerns my private data. People are trusting in this application,
0 -
Well that is way too technical and the details I am looking for are not obvious. I read that they keep much unencrypted but what in detail?
Details and reason, found in the first link:
As you can see, not all the information is encrypted. Most notably, the name/title of each entry (i.e. dave @ AWS login) and the location/URL are open. Having these open allows 1Password to organize your data and display it without suffering the performance hit of needing to decrypt every single item. All the truly confidential information is stored in the encrypted section of the file.
I can't believe how nobody pointed that out so far.
Many have pointed this out before, in this forum and in other places.
The latest version of 1Password, 4, how can it not incorporate the latest keychain format while presenting a complete overhaul to the user?
1Password on the other platforms (Android and Windows) needs support for it as well. However, I think you get the new format today if you choose iCloud sync.
0 -
Thanks @Xe997! You were lightning fast with your answers, and they were good ones :)
The format you're using today is called the Agile Keychain format, and it's been in use for many years now (over 5). When it was originally designed performance was a huge consideration and we followed the OS X keychain's lead and decided to have secure contents and open contents, allowing us to very quickly list all your items (titles and urls) without needing to decrypt everything.
Since then machines have gotten much faster and so in 1Password 4 we created a new format that encrypts all user provided data, including titles and urls. We are forced to decrypt everything now but the performance penalty is not that bad.
We will eventually switch everything over to the new format once all platforms have been updated to support it. If you are only using iOS and Mac you can sync using iCloud, which uses the new format already. Soon(ishly) we'll be able to make it the default for Dropbox as well.
I hope that helps. Please let me know if I can clarify anything more :)
0 -
Just to add to what Dave already wrote, you may also want to take a look at this thread:
http://discussions.agilebits.com/discussion/12237/metadata-is-not-encrypted/
And Jeff's reply here about the timeline of the transition and where we are at today:
Leaving 1Password aside for the moment, if you encrypt a file, certain metadata will be available to an attacker. The creation and modify dates will be available from the file system. And the approximate length of the data will be available as well. There are techniques to conceal those, but they greatly add to complexity for a very small security gain.
Things like creation, sync, and modify times are useful for data synching in 1Password. To conceal all of that information, we would have to transfer the entire database every time the smallest change is made. A typical 1Password data file, including attachments, may be about 15 Megabytes of data. The ability to synchronize piecemeal (without the synching servers having my Master Password) means that things like modify times remain in the clear.
Each item in 1Password has a universally unique ID (UUID). These are created at random and contain no information. (You can see how this is used in the document you cite). It's an arbitrary index number. Think of it as a way of creating filenames for things without leaking any information about what is in the file.
This leaves us with folder membership not being encrypted. Some of this has to do with what folder operations we want to enable when 1Password doesn't have certain keys. It may be that this is unnecessary, and we will be able to shift things so that that is encrypted as well. Note that the real names of folders are encrypted. Folders, like everything else, are given UUIDs.
Please do let us know if you still have any other questions or concerns. We're always here to help! :)
0 -
Firstly, thank you for your detailed comments on this topic, it makes things much clearer though it's not solved for me entirely. I understand that performance was one reason and organisation is the other, and that timestamps and maybe rough folder structure are visible is not really a problem for me. But iCloud is totally unreliable. I activated iCloud sync and even deleted my iOS app with its data set to sync completely new data and some items are just missing. I noticed that before, and that's why I was using Dropbox. So I can choose between bad reliability and security concerns. That is something I find very frustrating after paying some good money for this password ecosystem. Can you say when the new secure keychain format will be released to Dropbox as well? Would you consider introducing it a bit earlier? Or you may have some ideas to fix that iCloud sync thing, where data is just outdated no matter when last sync was. I see that there is work to be done to other versions but that happens at the cost of features of all other versions. A transition of such a format between various platform dependent applications is a challenge, I understand.
(And btw, found a localization / string bug in 1P 4 for Mac: when checking to delete iCloud data when changing sync method, the German string says like "from iCloud deleted data will be deleted from all devices that use DropBox [...]")
Update: So I got things working with iCloud with multiple delete of data on different devices until everything was fresh from the start. I hope that syncing happens as fast and reliable from now on like it was with Dropbox. I know that iCloud is a difficult thing for developers and that your influence on its performance is very limited, though you could maybe tackle that with complete erase of data from side of the app when re-enabling sync, while keeping a backup for all cases somewhere else. I don't know how many users really try to reset all their installations until it works. Thanks so far for your help and details on the topic, I hope to see the new format in all sync options soon. Beside that, keep up the good work, 1P4 is one of my most used apps!
0 -
Hi @Saphired,
Can you say when the new secure keychain format will be released to Dropbox as well? Would you consider introducing it a bit earlier?
As Dave mentioned above, we'll make the new keychain the default for Dropbox once all platforms can support it. We recently started beta testing both 1Password 4 for Windows and 1Password 4 for Android, so an upgraded keychain is on the horizon!
Thanks so much for your understanding here. I'm so sorry to hear that you've been having trouble getting iCloud sync set up - if you are still having difficulties I'd be more than happy to help troubleshoot things for you :)
0
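The split between open and encrypted contents that the staff replies describe (titles and URLs in the clear, random UUIDs, visible timestamps, folder membership, and an encrypted section whose approximate length is still visible) can be audited per item. The following is an added example, not part of the thread and not AgileBits code; the field names and sample items are constructed assumptions, not the actual file format.

```python
import base64

def _blob(n):
    # Constructed stand-in for an encrypted section: n opaque bytes, base64-encoded.
    return base64.b64encode(bytes(n)).decode()

# Constructed sample items. Field names are assumptions for this sketch.
SAMPLE_ITEMS = [
    {"uuid": "0A1B2C3D4E5F60718293A4B5C6D7E8F9", "title": "dave @ AWS login",
     "location": "https://aws.example.com/signin", "createdAt": 1380000000,
     "updatedAt": 1385000000, "folderUuid": "F0E1D2C3B4A5968778695A4B3C2D1E0F",
     "encrypted": _blob(48)},
    {"uuid": "11112222333344445555666677778888", "title": "Bank",
     "location": "https://bank.example.org", "createdAt": 1381000000,
     "updatedAt": 1381000000, "folderUuid": "F0E1D2C3B4A5968778695A4B3C2D1E0F",
     "encrypted": _blob(32)},
]

CLASSES = {
    "title": "user_data_in_clear", "location": "user_data_in_clear",
    "createdAt": "sync_metadata", "updatedAt": "sync_metadata",
    "uuid": "random_ids", "folderUuid": "random_ids",
}

def exposure_report(item):
    """Sort one item's fields by what a reader without the master password learns."""
    report = {"user_data_in_clear": {}, "sync_metadata": {}, "random_ids": {},
              "ciphertext_bytes": 0, "unclassified": []}
    for key, value in item.items():
        if key == "encrypted":
            # Contents stay hidden, but the approximate length is visible.
            report["ciphertext_bytes"] = len(base64.b64decode(value))
        elif key in CLASSES:
            report[CLASSES[key]][key] = value
        else:
            report["unclassified"].append(key)
    return report

def list_without_key(items):
    """The item list (title, URL) that can be built with no decryption at all."""
    return sorted((i["title"], i["location"]) for i in items)

def folder_membership(items):
    """Which item UUIDs share a folder UUID; folder names are not needed for this."""
    groups = {}
    for i in items:
        groups.setdefault(i.get("folderUuid"), []).append(i["uuid"])
    return groups

if __name__ == "__main__":
    print(list_without_key(SAMPLE_ITEMS))
    print(exposure_report(SAMPLE_ITEMS[0]))
```

Under a format that encrypts all user-provided data, `user_data_in_clear` would come back empty for every item, while the UUID, timestamp and length fields would look the same.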