Encryption without the master key possible
Hi everyone!
I have a question regarding the encryption of the vault. The Knowledgebase states: "Passwords Are Encrypted Using Your Master Password". Which basically means that you cannot decrypt the vault without the master password.
Now, I have the following setup:
IOS app and Windows Program, sharing the vault via dropbox. Some entries are already inside the vault.
Now, I change the master password on the windows machine.
On the IOS device, I can still open my vault (using touchId) without ever entering the new password.
Next, to check for stale data or something, I enter a new account on the windows machine.
I manually sync the ios device, and the new entry is there. Still without ever entering my master password on the ios device.
So, how is that possible? This smells of a security flaw to me.
Either:
- It is possible to decrypt the vault without the master password (using some kind of internal superpassword, perhaps)
- Or the new master password is somehow synced via dropbox to the ios device
Actually, I am not quite sure which option is worse.
So could you please explain how this is possible?
Cheers,
pauxus
Comments
-
The simple answer is because "Passwords Are Encrypted Using Your Master Password" is a simplification of reality. The vault entries are not encrypted with your master password. They are encrypted with a random 256 bit key that is generated when the vault is created. This key is then encrypted by another key that is mathematically derived from your master password.
When you unlock 1Password, you enter your master password. It then derives the intermediate key, uses that to decrypt the master key and then wipes the derived key and the master password from memory. From then on, it doesn't need the master password. It simply uses the master key to decrypt items. Hence, when you create a new login on Windows after changing the master password, it is still encrypted with the same master key that iOS has open.
You might think then, that if you locked 1P on iOS then the master keys would be cleared from memory and the next time you tried to unlock you'd have to use the new master password. You'd be half right. The keys are cleared, but you can still use your old master password.
Don't ask me why, but apparently you can continue using the old master password until you enter the new one for the first time. At that point it updates something and the old one will stop working. Have a search through the Mac sections of this forum. There's several other people seeing similar things.0 -
Thanks for the clarification.
0