Encrypted info
Comments
-
Take a look at this knowledge base article:
particularly the section near the end Individual Entry Contents.
You may also be interested in these knowledge base articles:
Can I switch to OPVault from Agile Keychain?
Stephen
0 -
Hi @jackiam,
I've just looked at the .sqlite file on my machine and I'm not seeing anything in a plain text state, can you detail what you did to find this please.
0 -
Website names showing up in the .sqlite file
0 -
Hi @jackiam,
I can't explain it I'm afraid as I can't replicate it. I'm using
grepon both a dump of the .sqlite file and the .sqlite file itself and neither are showing anything for items I know to exist in there. I know certain information is visible from within the .agilekeychain but this was a design decision, one Stephen_C covered with the supplied links. Still, that's the sync container and not the .sqlite file so I'm at a loss.0 -
The file I'm talking about is if you backup the 1password in the iOS app then move the backup folder from iTunes to your computer and extract that folder. There is the SQLite file.
The website names, urls and titles of password category's are keep unencrypted.0 -
Please help
0 -
Hi @jackiam,
Well I'm extremely surprised. The SQLite database file is meant to be identical between Mac and iOS, indeed you can even use an 1Password for iOS backup to restore a new copy of 1Password for Mac. Instead I find they differ.
Now I couldn't find any URLs in plaintext but the titles of the entries are and I am as surprised as you. This isn't the case on a Mac and it shouldn't be on an iOS device. The fixed category titles are in plain text but as they're hardcoded into the application I don't see that as a leak of any kind. The titles is a different matter though.
It is reported and I shall be making sure the iOS team are aware as soon as they're in the 'office'.
ref: OPI-2690
0 -
Thank you
0 -
I apologise it took me that long to replicate your findings @jackiam and thank you for reporting this to us. The devs are aware and will be investigating.
0 -
When will this be fixed. Because this is not a small issue. Decrypted user info not including passwords easy to get if you have the device in a unlocked state.
0 -
Hi @jackiam,
I can't give a precise date as to when the fix will be publicly available. What I can say is the issue is deemed critical and the iOS dev team is aware (I did so as soon as they were in the 'office'). I can't guess at how long it will take except to say the cause needs to be identified, corrected and then we need to ensure the fix is good. Even at that point there is still the Apple review process to pass and depending on queues I've heard it can even be a couple of weeks, although that may represent the busier periods.
We are not treating it as a small issue and it will be fixed as quickly as we can manage.
0 -
Ok thank you.
0 -
We appreciate you letting us know about the issue, jackiam!
0 -
Do you have a estimated date when this will be fixed?
0 -
Any news if this bug is fixed?
0 -
@jackiam As noted in our email communication regarding this issue, it is still an open bug marked as critical. It has also been assigned to a developer to be fixed and we are hoping to get it into the next release. No promises, as sometimes bugs can be harder to squash then first thought. ref: MCV-59765-947
0 -
thanks
0 -
:) :+1:
0
