Is it safe to use WiFi Sync (Windows-iOS8) in my university halls? VPN? Eduroam & Hotspot available.

I was wondering how safe it would be to use WiFi sync between my Windows laptop and my iPhone while using the WiFi in my university halls. If I understand it correctly, 1Password data is generally stored locally, rather than on a server, but when using WiFi sync relevant data packets would be vulnerable to snoopers on the network, if they were able to copy and decrypt. Is this something that I should be worried about? Is there any way of getting the sync to travel through a VPN? I have TunnelBear on both the phone and the computer, I'm just not sure if it would actually be protecting such an operation (I'm a little new to VPNs).

Any advice on this would be much appreciated, as (apart from Eduroam, which I'm not sure I really understand) I only have access to the internet through public hotspots for weeks at a time when I'm there. :scream:

Comments

  • svondutch
    svondutch
    1Password Alumni
    edited August 2015

    @snapsnap Good question! First of all, what we sync via Wi-Fi is your encrypted data (this is why 1Password for Windows will ask for your master password -- otherwise it cannot decrypt the data coming from your iPhone). We do not sync your decrypted data.

    Then there is another layer of security. We encrypt the metadata using the shared secret (the one that you're asked to add to your iPhone the very 1st time you set up Wi-Fi sync). To be more precise, we use an encryption key that we derive from the shared secret after we PBKDF2'ed it with 1000 iterations. This 2nd layer of security is using encrypt-then-MAC authenticated encryption. The MAC is HMAC-SHA256 and encryption is AES-CBC-256.

    All things considered, I believe Wi-Fi sync is very safe -- assuming you have a long and strong master password.

    Thanks!

This discussion has been closed.