
Cloud security

Arun H
Community Member

My primary and family vault were created with very strong truly random passwords. My shared vault was then shared with family members, who, unfortunately, use far weaker passwords than I do. If someone were to get hold of a copy of the shared vault (say from a Dropbox hack) - could they decrypt the data using the weaker passwords used by those that share that vault with me, or would they need the stronger password used to create the vault? Also, if my family members' encrypted primary vaults were somehow obtained by a third party, would decrypting them provide access to the stronger password or key used to protect the shared vault?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Cloud security

Comments

  • littlebobbytables
    1Password Alumni

    Hi @Arun H,

    As with most security practices, you're only as strong as the weakest link. The full answer here is a little more complex so please bear with me.

    Your vault password doesn't encrypt the contents of your vault. The reason is simple: even our strongest passwords pale beside the size of the encryption keys we need to use. So what we do is encrypt a number of randomly generated encryption keys with your password. The size of the data we're encrypting with your password means the keys are as safe as you can get, but in actuality it's these keys that decrypt your vault. The smaller the key used, the greater the chance of information leakage, which we want to avoid. This is all pretty standard in encryption so far.

    So the only thing that can decrypt a particular vault is that vault's encryption keys. If somebody has vault A, then knowledge of any other vault's keys or password is not enough.

    Where the chain of links comes into play is that to decrypt secondary vaults in 1Password for Mac we do store the encryption keys for those secondary vaults inside your primary vault. This is only in the encrypted SQLite database file stored locally though. However, if somebody uses a particularly weak Master Password and somebody has access to that encrypted SQLite database file then yes, they could obtain the encryption keys for any of the secondary vaults known to that copy of 1Password and use that knowledge to decrypt them.

    This does not apply to the Agile Keychain or OPVault containers we use for syncing though - they are single vault only and never contain anything but the encryption keys to that one vault.

    Does that help at all? Given the nature of this query, if you do have questions please do ask, as answering security questions is much like building security software: easy to mess up, hard to get right, and it's best we make sure we're understanding each other correctly.

  • Arun H
    Community Member

    Thanks... if I understand correctly, someone would have to have access to the local machine to get the secondary vault keys? How then is the first decryption on a given machine done?

  • littlebobbytables
    1Password Alumni

    Hi @Arun H,

    That is correct, they would require local access to the machine, as that's the only place the OnePassword.sqlite file is stored, and knowledge of the weaker Master Password that your family member uses. If somebody uses a significantly weaker Master Password and you fear access to the local storage of that machine, then there could be reasonable concern that, as the weak link, they would put your shared vault at risk. Only the Master Password for the primary vault would allow access to the encryption keys for the other secondary vaults.

    Just to reassure you, though: none of this would compromise your own primary vault, as knowledge of the encryption keys of a secondary vault, even one you are yourself using, doesn't leak anything about your own primary vault.
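The key hierarchy the two replies above describe (master password derives a key that wraps a random vault key; the primary vault's contents hold the keys of secondary vaults; a synced vault container holds only its own key) can be modelled in a few dozen lines. The script below is an added illustration written for this thread, not 1Password's code: the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus an HMAC tag) so it runs without third-party packages, the PBKDF2 iteration count is deliberately tiny so the brute-force loop finishes quickly, and the vault names, passwords and wordlist are constructed. It plays out the scenario in the question: an attacker holding the synced shared vault plus a family member's local primary database guesses the weak Master Password, pulls the shared vault key out of the primary contents, and decrypts the shared vault, while neither that key nor the wordlist gets anywhere against the strong user's primary database.

```python
"""Toy key hierarchy: password -> KEK -> wrapped random vault key -> vault contents.
Added example for this thread; not 1Password's code or cipher. The AEAD below is a
stdlib-only stand-in (HMAC-SHA256 keystream + HMAC tag), not a recommended construction."""
import hashlib
import hmac
import json
import os
import secrets

PBKDF2_ITERS = 20_000  # assumption: kept low so the dictionary attack below runs in seconds


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password-derived key-encryption key. It only ever wraps a random vault key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, 32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, i = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption stand-in: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag first; a wrong key or a tampered blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def create_vault(items: dict) -> tuple:
    """A vault: random 256-bit key (never derived from any password) plus sealed contents.
    Stands in for a synced single-vault container, which carries only its own key material."""
    vault_key = secrets.token_bytes(32)
    return vault_key, seal(vault_key, json.dumps(items).encode())


def create_primary(master_password: str, secondary_keys: dict) -> dict:
    """Local primary database: the KEK wraps the primary key, and the primary contents
    hold the secondary vault keys, as the reply describes for the local SQLite file."""
    salt = os.urandom(16)
    primary_key = secrets.token_bytes(32)
    keyring = json.dumps({name: k.hex() for name, k in secondary_keys.items()}).encode()
    return {"salt": salt,
            "wrapped_key": seal(derive_kek(master_password, salt), primary_key),
            "contents": seal(primary_key, keyring)}


def unlock_primary(master_password: str, primary: dict) -> dict:
    """The 'first decryption on a machine': KEK unwraps the primary key, which opens the
    keyring. Returns {vault name: vault key}; raises ValueError on a wrong password."""
    primary_key = unseal(derive_kek(master_password, primary["salt"]), primary["wrapped_key"])
    return {n: bytes.fromhex(h) for n, h in json.loads(unseal(primary_key, primary["contents"])).items()}


def guess_master_password(primary: dict, candidates):
    """Offline dictionary attack against a stolen primary database; None if no candidate fits."""
    for pw in candidates:
        try:
            unlock_primary(pw, primary)
            return pw
        except ValueError:
            continue
    return None


def run_scenario() -> dict:
    # Constructed data: one shared vault, two members, one strong and one weak Master Password.
    shared_key, shared_blob = create_vault({"bank": "correct horse battery staple"})
    arun = create_primary(secrets.token_urlsafe(24), {"Family": shared_key})
    relative = create_primary("password1", {"Family": shared_key})
    wordlist = ["123456", "letmein", "qwerty", "password", "password1", "iloveyou"]  # constructed

    # Attacker holds the synced shared vault plus the relative's local primary database.
    cracked = guess_master_password(relative, wordlist)
    stolen_keys = unlock_primary(cracked, relative) if cracked else {}
    shared_items = json.loads(unseal(stolen_keys["Family"], shared_blob)) if stolen_keys else None

    # The shared vault key on its own says nothing about Arun's primary database.
    try:
        unseal(shared_key, arun["wrapped_key"])
        shared_key_opens_arun = True
    except ValueError:
        shared_key_opens_arun = False
    return {"cracked_password": cracked, "shared_items": shared_items,
            "arun_cracked": guess_master_password(arun, wordlist),
            "shared_key_opens_arun": shared_key_opens_arun}


if __name__ == "__main__":
    print(run_scenario())
```

Two things to take from running it: the attack never touches the shared vault's own key derivation, because the synced container has no password to guess, only a random 256-bit key; the weak link is the primary database that wraps a copy of that key under a guessable password. And the reverse direction fails by construction: a secondary vault key unwraps nothing in another member's primary database, so the strong user's vault stays closed.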
