My 1Password master password is stored in my devices?!

jfm
jfm
Community Member
in Mac

Experiment:

1) Disable iCloud sync in device A
2) Change your master password in device A
3) Enable iCloud sync in device A
4) Access 1Password in device B (old master password)
5) Enable iCloud sync in device B; you will be asked for device A's master password

At this point you can create new entries in your repository from either device and they will be kept in sync. The thing is, device B still uses the old master password to open the 1Password app, so the only way to really access the iCloud copy (which it does without a hitch) transparently is to use device A's master password, which is the one used to encrypt the iCloud copy. This has to mean device A's master password is actually stored in device B.

Is this correct? I was under the impression that the master password was not stored anywhere (except during a session)?

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @jfm‌

    The situation is more complicated than that but no, your Master Password isn't stored.

    The fact is we don't encrypt your data using your Master Password. Counterintuitive I know but instead what we do is we create a bunch of very long keys. We use each key to encrypt some of your data and their length is partly where the strength behind the system is. Of course we still need a way for you to access your data so what happens is these encryption keys are kept in a small file and we encrypt that file with your Master Password.

    So when you type in your Master Password you're actually just unlocking one small file and then we use the contents to retrieve your actual data.

    Why do we do this? the encryption algorithm is important but so is the key used. The more data you encrypt with a single key the more likely something can be inferred. To truly appreciate this you'd probably want to read a book on the history of encryption, however it really can be an interesting read if you do.

    Anyway, when you change your Master Password the encryptions keys don't change, instead the file containing these keys is encrypted with your new Master Password. So even if you change your Master Password all of your data doesn't get encrypted again.

    So if you're syncing to a sync repository for the first time you need to supply the Master Password that allows you to decrypt the encryption keys so you can load the vault with all of your data. Does that make sense?

    We do have a bug though that if you have a sync in place that a Master Password change isn't being pick up by all devices and that the old Master Password can continue to work. The reason that is possible is because again, the very long encryption keys don't change when you change the Master Password. So if a device for whatever reason doesn't think the encryption key file has changed it will continue to use the locally stored copy of that file which of course, because the keys inside don't change, will still work.

    Don't forget, when you submit a password to a site you're being authenticated by comparing your password to what they have stored (which should only ever a salted hash). When you decrypt something you're supply the key to do so, the only way you know it is correct is if it decrypts the contents correctly.

    That explanation was maybe a little rushed so if I've caused more questions than I've answered please let me know and I'll do my best to expand the weak bits.

  • jfm
    jfm
    Community Member
    edited December 2014

    Thanks for the explanation. I have a follow-up question: If what you're saying is true, how are those "very long keys" imported securely the first time a device is added to the iCloud-synched device collection (Step 5 in the example). Do you store the "small file" containing the "very long keys" in the cloud, encrypted using the first device's master password (Step 3 in the example) so that the new device can download it and decrypt it locally, then re-encrypts the (now local) copy with the device's master password?

    Would this mean the keys themselves are stored in the cloud?

    Thanks,

    jfm

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited December 2014

    Yes @jfm,

    The encrypted keys are stored with the data in the cloud. They are encrypted with keys derived from your Master Password. Your Master Password is not stored, but knowledge of it is required to be able to decrypt the keys that are used to encrypt the stored data.

    You can read about the gory details of the key derivation, but that is a highly technical document. It might be more useful to get a sense of how well protected that is against automated password guessing by looking at this blog post: Crackers report great news for 1Password 4.

    I know that all of this indirect encryption from Master Password to your data can be confusing. There are good reasons for it (It's best for keys to be completely random instead of derived from a password; we actually need multiple keys; we need to make Master Password changes safe, etc). So I remember all of this with a song:

    Each item key’s encrypted with the master key
    And the master key’s encrypted with the derived key
    And the derived key comes from the MP
    Oh hear the word of the XOR
    Them keys, them keys, them random keys (3x)
    Oh hear the word of the XOR

  • jfm
    jfm
    Community Member

    Haha... Thanks jpgoldberg, I read the technical document you linked, it was clarifying.

  • Ben
    Ben

    Great, glad to hear that helped. Thanks for the follow up. :)

This discussion has been closed.