End-to-End encryption is broken [Upgrade to OPVault]

Brad_I
Brad_I
Community Member
edited January 2017 in iOS

Hello, I've been a long time user. Today I was praising your product to a co-worker. He was saying since it saved the vault on my PC it wasn't secure. I said "Watch this." and went to hex edit the vault to show how secure it was. Much to my surprise and embarrassment, there is no vault. It's just a file folder. In the folder in plain text was a list of every site in my vault.

Not only that, I looked at my most recent key in the keychain which was a secure note and the title of the note was visible - again in plain text. For someone expecting privacy from 1Password and trusting it, I have some secure notes with titles like My DL # 123456. Seeing those notes exposed in plain text was heartbreaking.

I remember choosing 1password to replace another product because I thought it would better protect my privacy in a corporate environment. But this is far less secure than my last password manager could ever hope to be. Any admin with browse access to my PC has a half written script for resetting all of my passwords and direct plain text access to many of my notes.

Once I lock my vault, how is it possible one can simply browse through all of these files anyway? Shouldn't it be locked and encrypted? The very definition of the word vault is a secure container for storage of valuables.

In your marketing, it says:

End-to-end encryption. 1Password never saves decrypted data to disk, and whether you use a 1Password account or sync your data via iCloud or Dropbox, everything is end-to-end encrypted – in transit, at rest, and on the server.

I am sorry, but unless my copy is seriously broken, that's just not correct. Everything is not end-to-end encrypted. The data at rest is at best partially encrypted. And it does save decrypted data to disk.

If it's my copy that is broken, please tell me how to fix it.


1Password Version: 4.6.1
Extension Version: 4.6.2
OS Version: IOS, Windows
Sync Type: dropbox

Comments

  • Hi @Brad_I,

    Thanks for taking the time to write in. What file are you looking at?

    1Password can export to an unencrypted 1PIF file. This file is entirely unencrypted, and there are all sorts of warnings when creating one.

    1Password.agilekeychain files have metadata unencrypted. This is documented:

    Agile Keychain design

    This is no longer the default format, but if you've been using 1Password for a while and haven't migrated you may still be using it. If this is the case you may want to switch to our newer OPVault format:

    OPVault design

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Brad_I
    Brad_I
    Community Member

    Ben, you may have just answered my prayers. I am definitely on agilekeychain. I am going to switch to OPVault tonight and hopefully be back in love 1Password again. Thank you.

  • Brad_I
    Brad_I
    Community Member

    Ben, not sure how I got lost in the shuffle, but when I first installed years ago, it defaulted to agilekeychain - I didn't even know there was another format. I think I started using 1pw around the time of the conversion.

    But converting to OPVault has negated my entire post above. I threw it into one of my forensic tools to pull out something (anything) from my new vault and had no luck at all. So If there is a way for me to edit the post above or mark it resolved, please let me know.

    I am back in love. Thank you!

  • Thanks for the update @Brad_I! Glad to hear converting to OPVault has allayed your fears. New vaults / sync files are created as OPVault now, but if you've had 1Password a long time and haven't disabled/re-enabled syncing, changed sync services, or intentionally switched, it isn't super surprising that you were still using an Agile Keychain. Still a great format, IMO, but meta data is stored in the clear, and changing that was one of the primary goals of the transition to OPVaut.

    Ben

This discussion has been closed.