"Ideally you should pick a good master password at the outset and never change it." why?

ahaswell
Community Member

In "Toward better master passwords" it says "Ideally you should pick a good master password at the outset and never change it." The implication seems to be that changing your password weakens your security. I would like to know if this is true or just an oddity of the explanation. If I generate my master password using diceware as recommended and later decide to generate another the same way simply because I want a different passphrase, is there really any reason not to do this beyond having to remember a new password?
Thanks

Comments

  • jpgoldberg
    1Password Alumni

    Well spotted, @ahaswell‌!

    There is a marginal case in which changing your Master Password weakens your security. There is another discussion of this somewhere on these forums which I can't find at the moment, so I will sketch the situation.

    When your keychain is created a truly random encryption key is generated, and that key is used to encrypt your data. Let's call it your master key. The master key does not change when you change your Master Password. Your Master Password is used to encrypt your master key, and your master key is used to encrypt your data.

    So if an attacker can get hold of an "old" copy of your encrypted master key, they can attack that by going after the old Master Password. If they get hold of a new copy of your encrypted master key, they can attack that by going after your new Master Password. So depending on what an attacker has access to, a Master Password change can increase the attack surface.

    That other thread goes through why we had to make this security choice (there really are good reasons for it), but for now I will just point out that other high security tools, such as SSH and PGP, use the same sort of mechanism. The actual key doesn't change with a password change, but how that key is encrypted does.
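
The key-wrapping scheme jpgoldberg sketches above, as an added, constructed example (not 1Password's real format or code, and the names, iteration count and stand-in cipher are all assumptions): a random master key encrypts the data, the Master Password only wraps that key, so a password change re-wraps the same key while "starting over" generates a new one.

```python
"""Constructed demo of password-wrapped master keys; not 1Password's actual design."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 cost for the demo, not a real product parameter


def derive_kek(password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the Master Password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def stream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: HMAC-SHA256 in counter mode as a keystream, XORed
    onto data. The same call encrypts and decrypts. Demo only, no authentication."""
    stream = b"".join(
        hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def create_vault(password: str, secret: bytes) -> dict:
    """New vault: a fresh random master key encrypts the data; the password wraps the key."""
    master_key, salt = os.urandom(32), os.urandom(16)
    return {"salt": salt,
            "wrapped_key": stream_xor(derive_kek(password, salt), b"wrap", master_key),
            "ciphertext": stream_xor(master_key, b"data", secret)}


def unwrap_master_key(vault: dict, password: str) -> bytes:
    return stream_xor(derive_kek(password, vault["salt"]), b"wrap", vault["wrapped_key"])


def change_password(vault: dict, old_password: str, new_password: str) -> dict:
    """Password change as described in the post: re-wrap the SAME master key, data untouched."""
    master_key, salt = unwrap_master_key(vault, old_password), os.urandom(16)
    return {"salt": salt,
            "wrapped_key": stream_xor(derive_kek(new_password, salt), b"wrap", master_key),
            "ciphertext": vault["ciphertext"]}


def decrypt_with_stale_copy(old_vault: dict, old_password: str, current_vault: dict) -> bytes:
    """The risk: an old backup plus the old password yields a master key that still opens current data."""
    return stream_xor(unwrap_master_key(old_vault, old_password), b"data", current_vault["ciphertext"])


def start_over(vault: dict, password: str, new_password: str) -> dict:
    """Starting over: decrypt, then re-encrypt under a brand-new master key."""
    secret = stream_xor(unwrap_master_key(vault, password), b"data", vault["ciphertext"])
    return create_vault(new_password, secret)
```

Run end to end, the old backup still decrypts the current vault after `change_password` but not after `start_over`.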

  • ahaswell
    Community Member

    Thank you for your reply, I will try to find it because I would like to understand it better. I guess then the way to change it is to make a new vault and move all your data...?

  • Jasper
    edited April 2014

    On behalf of jpgoldberg, you're welcome!

    You're correct. The only way to completely re-encrypt your data with a new master password and new master key is to start over with a completely new vault and import your data.

    Please let us know if you have any other questions.

  • Martin59
    Community Member

    Actually, I have a quite weak master password. Backups are on external hard disks, and there are some on my internal hard disk created by 1Password itself.

    I plan to change to a better (diceware) master password, in addition changing "real" critical logins within my actual vault afterwards.

    Do I understand right:

    An attacker

    a) without access to my old 1password vault backup files has to crack the better/new master password?

    b) having access to these older files on my external backup drives / internal drive (containing the quite weak encrypted master key), he can crack the actual vault with both the old and new master password - because the master key stays the same?

    Request:

    Please give a hint how to "start over with a completely new vault and import your data".

    Thanks a lot.
    Martin

  • Martin59
    Community Member

    Just a few minutes ago I found this. Still valid for 1Password 4.x?

    The command "exporting to a .1pif file" still exists ...

    http://discussions.agilebits.com/discussion/comment/28539/#Comment_28539

  • Megan
    1Password Alumni

    Hi @Martin59,

    I'm so glad you found the original post! Thanks for sharing.

    If you do want to create a fresh vault with a newer, stronger Master Password, then you will need to export your database and start fresh. Here are the instructions for Starting Over.

    I hope this helps, but we're here if you have any further questions!
