How does dropbox based synchronising between iOS and Mac work if passwords are different.
I currently use 1password for Mac and iOS. It's awesome and works great with dropbox. What I don't understand is how the synchronisation works between the two platforms if the master password on my iOS device is different from my Mac. I assume you would need to decrypt to synchronise the files.
Comments
-
Hi @silverdagger,
I'm actually currently working on a blog post that explains this. It's not ready to publish yet so I'll try to explain here...
Your Master Password isn't actually used to to encrypt your data. We use a much stronger key to do the item encryption. This is a random key that's created for you when you first create your vault. The Master Password is only really used to encrypt that random key. Unlocking a vault is a matter of using the Master Password you provided to attempt to decrypt the real key. If decryption succeeds, you've unlocked the vault and can use the real key to decrypt the items. If decryption fails, then the password is incorrect. When you setup sync and provide the password, we unlock the vault using the password, then we make a copy of the keys. This way even if the password changes later we can still access the data inside because we have a copy of the encryption key.
I hope this helps explain this.
Rick
0 -
Hi @rickfillion,
I guess my concern here is that this means that you somehow must maintain a database of master keys tied to customers/users of 1password, no? And thus in turn my security is only as strong as your internal key management protocols. Also, since in one way, this key "database" or collection of user keys is a somewhat "big target" for hackers, it raises concerns for me as a user. Can you talk a bit about how keys are protected by Agilebits? I realise you might be reluctant to, but if working in software security has taught me anything, it's that security through obscurity isn't helpful.
cheers
James
0 -
I think you will find the following helpful:
How 1Password syncs changes to your Master Password (the blog post referred to in Rick's post above)
How does 1Password keep my data safe? (a detailed knowledge base article)
Stephen
0 -
Hi @silverdagger,
Looks like Stephen linked to the blog post I had mentioned. In theory it should explain everything you're asking about here.
We do not maintain a database of passwords or keys to user's data. Your data is your data, and we have none of it. Precisely for the reason you mentioned: it'd make us a nice big target.
You may want to read through the comments section of that blog post as users raised some great questions in response to it, and we answered them to give additional insight into how the machine works.
Let us know if you have any additional questions.
Rick
0
