If someone can steal foder-file "My-name.opvault"

If someone can steal foder-file "My-name.opvault" possible , and can guess Master passwor
When installing 1Password ,Then in 1Password to access information at all or not.
this will not take long

If I set Master password short and simple, they tech random code to find the Master password

That AES-256bit takes a long time for many years, it will be able to decode. right?

I'm sorry, if I use the language is incorrect.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @auraskys808: If you give someone both your 1Password vault and the Master password used to secure it, they will have the ability to access its contents.

    However, if you use a long, strong, unique Master Password (which is further strengthened by PBKDF2), it will not be feasible for someone to break into your data through brute force by (slowly) trying to guess your (strong) Master Password.

    I hope this helps. Be sure to let us know if you have any other questions! :)

  • Hi @auraskys808,

    Just to expand on this, we don't store your master password anywhere. When a new vault is created, we generate the strongest possible encryption key and then encrypt that key with a key that's derived from your master password by scrambling it through tens of thousands times with the PBKDF2 algorithm that Brenty mentioned.

    For someone to crack it, they also have to run the PBKDF2 thousands of times before they can try the password to see if it works.

    However, if you use a common password like 123456, it only takes less than one second to try it and they'll get in. So, do not use a short and simple password at all.

  • auraskys808
    auraskys808
    Community Member

    Thank you for the answer :)
    Conclusion, I can understand a little

    Case 1 > Mean, if someone gets My-name.opvault all files in a folder
    they must be random to find master password one by one , and try input into 1Password's programs
    It is impossible It is protected randomly slow by "PBKDF2 algorithm"

    Case 2 > If someone gets a file in the folder. Some files, such as My-name.opvault band_0, band_E, folders.js, profile.js ,
    That means decryption more difficult than the Case 1.
    Get some files or all files are equal, right?

    Case 3> Suppose, I set the code Master password "power7 Toms".
    The team agilebits takes to guess Master password or decryption , How long will it take?

    I bought a license to 1Password for Windows4 last week.
    it's available all the time? No expiration.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2016

    Mean, if someone gets My-name.opvault all files in a folder

    they must be random to find master password one by one , and try input into 1Password's programs

    It is impossible It is protected randomly slow by "PBKDF2 algorithm"

    @auraskys808: Exactly! Not only do they have to guess seemingly infinitely, but the rate at which they can make those guesses is slowed down as well. :)

    If someone gets a file in the folder. Some files, such as My-name.opvault band_0, band_E, folders.js, profile.js ,
    That means decryption more difficult than the Case 1.
    Get some files or all files are equal, right?

    Hmm. This is kind of difficult for me to explain, but the short version is that it doesn't make a real difference. Much like your first example, they have to guess your Master Password to even have a chance at decrypting it. The band files are for sync purposes, so that it isn't necessary to sync your entire vault any time a single item (within a band) is updated.

    Suppose, I set the code Master password "power7 Toms".
    The team agilebits takes to guess Master password or decryption , How long will it take?

    It's done! You just told me the Master Password, so now I don't have to guess it!

    Just kidding! ;)

    In all seriousness, it's difficult to say for certain how long it might take to guess. But a password like that would be pretty weak. I'd recommend one 3-4 times the length — for example, randomly using 5 or more words with the Diceware option in the 1Password for Windows password generator.

    I bought a license to 1Password for Windows4 last week.
    it's available all the time? No expiration.

    Your license never expires. You can use 1Password 4 on all of your PCs forever. Thanks for your support! :)

This discussion has been closed.