Read first: Previous version support information

Security: Master Password Change and Dropbox History

luz
luz
Community Member
in 1Password 3 – 7 for Mac
Warning No formatter is installed for the format ipb

Comments

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited June 2011
    Warning No formatter is installed for the format ipb
  • luz
    luz
    Community Member
    Warning No formatter is installed for the format ipb
  • khad
    khad
    1Password Alumni
    Warning No formatter is installed for the format ipb
  • amgems
    amgems
    Community Member
    Warning No formatter is installed for the format ipb
  • jpgoldberg
    jpgoldberg
    1Password Alumni
    Warning No formatter is installed for the format ipb
  • juanjonol
    juanjonol
    Community Member

    The new Cloud Keychain solves this?

  • khad
    khad
    1Password Alumni

    I don't think there is anything to "solve" since it is an intentional part of the design of the data format, so I don't believe the Cloud Keychain changes anything in this regard (just like a new version of GPG won't change the fundamental model it is based on). However, I'll double-check with Jeff to confirm.

  • juanjonol
    juanjonol
    Community Member

    Ok, thanks.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Hi all,

    The new Cloud Keychain Format has the same properties as the Agile Keychain Format in this respect. So the answer is "no". We did not come up with a way to re-encrypt all the data with fresh keys during a Master Password change.

    I hope you will forgive me for repeating that our design "solves" a number of security problems that might not be obvious. Here are a few:

    1. There is a limited amount of data that should be encrypted under the same key.

      Now 1Password databases aren't getting that big (yet), when you have a structure that allows people to add an unlimited amount of data, you need to use multiple keys.

    2. To get the full strength of 128 bit (or 256 bit) keys, those keys should be generated completely at random.

    3. To have a system where only the minimum amount of data necessary is decrypted at any single time requires separate keys for each item.

    4. Changing the Master Password should not be a process that takes many minutes during which a power failure or computer crash might leave data unusable.

    But this does leave the problem that a Master Password change does not have the effect that it might seem.

    For me the real problem is how to do have something that is simple and straightforward to use, without people needing to study the details, that works in a way so that it makes it easy for people to behave securely and hard to behave insecurely. This really is the overriding goal of what we do here. As a consequence, 1Password presents itself to people as much much simpler than it really is. In 99.44% of that cases that is a very good thing. But there are still those small number of cases where what is presented to people by 1Password can be misleading in an way that can lead them astray.

    And there is another problem. The problem is that sometimes we do have to make tradeoffs of defending against one kind of threat versus another. Although I acknowledge the downside of the choice that we've made here, it was not a tough decision. The security benefits of our design choice are overwhelming.

    I'd love to have a system that did everything, including conforming to intuitions about changing Master Passwords. We'll keep exploring ideas, but we require that any such system do more good than harm.

    Cheers,

    -j

    –-
    Jeffrey Goldberg
    Chief Defender Against the Dark Arts @ AgileBits
    http://agilebits.com

This discussion has been closed.