Can you add a feature to print the password with some security

jchiar
Community Member

I would like to see if 1Password could print the passwords based on a predefined key.

Say my key is +3

Add 3 to the ascii character to determine the real password

password is password
prints out as "sdvvzrud"

Would provide some security if you know the key.

The key could be more secure like 32451 repeating for every 5 characters, but I hope you get what I am hoping for.



Comments

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    I don't speak for AgileBits, so feel free to ignore this post. I doubt this will ever be done, as a) it is security by obscurity (which is no security at all) and b) there are complications that you haven't considered.

    You're asking about simple rotation-based encoding schemes, but you have to handle the end cases, such as ASCII } or ~ which rotate past the end of the printable ASCII characters. What should happen to them? They probably would rotate into space (decimal 32), but this is going to potentially require doing a lot of math to decode your password, and this seems unlikely to be desirable to almost any 1Password user.

    Since you're asking for even more complex encoding schemes as well, if you are not the only one who would potentially decode the data (in the event you die), then those trusted persons would need your key, and instructions for decoding, but can you ensure they'll keep those secure, or even be able to handle your encoding scheme? While your trusted people might, would this be true for a majority of 1Password users? I doubt it.

    If you are printing your 1Password data, the best security for it is to keep it in a secure safe or safe deposit box.

    Just my 2 cents.

    That said, if you really, really feel the need to have such a feature, I'd be happy to provide it for you in my onepif converter, where you can print out your data in a more compact, robust fashion.

  • jchiar
    Community Member

    What is this onepif converter?

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    I have a converter suite that helps users convert their old password manager exports into a format that 1Password can import. One of those converters, the onepif converter, is a little different - it takes a 1Password 1PIF export, and converts it into another format. The currently available formatters allow conversion to HTML and CSV, typically for printing or archiving. These were created in response to user requests.

    In the first post of the link above, is another link to Screenshots and Samples, look at the onepif (to HTML) sample there. This is just one sample from one of the formatters. There's no reason why a formatter could not obfuscate a password field as per your request.

  • jchiar
    Community Member

    That worked pretty good. I had an error on some of the items I exported, so I just exported 5 for a test and wound up with an HTML file.

    So how could I get a formatter to modify the password field?
    Thanks!

  • MrC
    Volunteer Moderator
    edited February 2017

    Hi @jchiar ,

    I made major modifications to the onepif converter recently, to accommodate the new CSV formatter, and haven't yet updated all the HTML formatters. I'll work on that today, and will implement one for your rotation scheme.

    Can you fully describe how you want to handle this (and other password-type) fields? One simple obfuscation technique could be using simple HEX digits instead of ASCII characters. No math involved. But I'm happy to do what you need.

  • I've written about why printing your 1Password data may not be a good idea, from one perspective, here:

    A Print question — AgileBits Support Forum

    This doesn't even begin to address all of the reasons printing is a bad idea, but talks about one pretty good one (TL/DR: it is unruly and ineffective). :)

    Ben

  • MrC
    Volunteer Moderator

    @Ben,

    The argument is a bit circular. Agilebits wrote code that outputs WAY too much paper, and then you argue the reason to not print is that the print out uses WAY too much paper! A good technique to prevent users from printing out the contents of their vaults, if not a bit underhanded! :p

  • jchiar
    Community Member

    If you could add converter options to subtract "xyz" from the value of the ASCII character and use that for the password that would be good.
    Since if I enter 345 for xyz
    for x of 3, it would mask a character of Z (ASCII 90) to W (ASCII 87).
    If y is 4, it would mask a character of Z (ASCII 90) to V (ASCII 86).
    If z is 5, it would mask a character of Z (ASCII 90) to U (ASCII 85).

    If the password is more than 3, it would just repeat the mask 345345

    If the password was ZZZZZZ

    the printed result would be WVUWVU

    Then you could just use the ASCII table to convert the masked password into the real one, knowing what the offset value is!

    Got it? Did I make it too complex?

    Or if this is too complex, you could just use one value to subtract the actual character from...

    This way you could print out password and notes with something my son could decrypt if he has the table and the key

  • The argument is a bit circular.

    Ha! I see your point. But I think the point is still valid that even with a more compact print option paper is still a fairly impractical way to handle this.

    Ben

  • jchiar
    Community Member
    edited February 2017

    Ben, I hear you, but if I only need a site name, username and password that could be on one line.

    I live in a flood zone and frequently evacuate. If a SHTF scenario, I need to grab my paper binder and run. (I actually keep a copy in the trunk of my car.) Plus it works when I have no power / connectivity at home (for bank account numbers and such).

  • MrC
    Volunteer Moderator

    @jchiar , I'll start on this today, but give me a few days.

    @Ben, a very readable output of 500 logins takes only 8 pages, and could be 2-page condensed to 4.

  • Right. The problem is you need to re-print a whole page every time 1 login changes.

    @jchiar A 1Password.com account would solve some of that for you. You would store your Emergency Kit in your SHTF binder, and then could login from wherever.

    1Password Emergency Kit

    Ben

  • MrC
    Volunteer Moderator

    Or just that single page with the changes.

    Seriously, I get your point, but it's important not to make a mountain out of a molehill for the sake of trying to convince people not to do something they need to do. Not everyone is going to use a computer to view a PDF document, and Agilebits will not change that. You all have grandparents, that don't use devices, right?

  • Or just that single page with the changes.

    I know; that's what I said. ;)

    Not everyone is going to use a computer to view a PDF document, and Agilebits will not change that.

    I understand. The Emergency Kit is intended to be a printed document.

    You all have grandparents, that don't use devices, right?

    Right... but they also don't have online accounts or 1Password. I'm not sure where you're going with that argument. :)

    I'm not trying to discourage you from adding this to the 1PIF converter if you'd like to do so. But we will not be adding it to 1Password, and I think it is very important that someone understand the security implications with such a solution (as well as the practical aspects).

    Ben

  • MrC
    Volunteer Moderator
    edited February 2017

    Right... but they also don't have online accounts or 1Password. I'm not sure where you're going with that argument. :)

    Sometimes you need to give your grandparents YOUR credentials. They may then need to work with their advisers to act on your behalf.

  • Sometimes you need to give your grandparents YOUR credentials. They may then need to work with their advisers to act on your behalf.

    I see. And yes, I think that could potentially be a reasonable use of the print function. My concern is more with attempting to print the entire database. I don't see that as a practical solution for most folks. In most of the scenarios I've come across with folks attempting that there is a better solution.

    Ben

  • jchiar
    Community Member
    edited February 2017

    Unfortunately I've been in circumstances where I had no electricity (much less wifi) for 3 weeks after Hurricane Sandy.
    I've been bit with the lack of technology bug and pen and paper ruled.

    @Ben Does a 1password.com account require a subscription?

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    What should < space > (dec 32) map to?

  • jchiar
    Community Member
    edited February 2017

    Perhaps it's better to add the secret to come up with the printable password rather than to subtract. That way you never need to use dec 32. Who puts a space in a password anyway?

  • jchiar
    Community Member

    If you had a space in a password, and you used a secret of +1 , the printed password would be !

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    Perhaps it's better to add the secret to come up with the printable password rather than to subtract. That way you never need to use hex 32.

    No, that just changes the question that still must be answered. You're missing the point about handling the end cases, as I mentioned in my first reply to you.

    If you add, what should ASCII } or ~ map to, since these rotate past printable characters and into the 127 to 255 range!

    The printable character ranges are 32 (if you include space) to 126 (tilde). Your simple subtraction or addition encoding scheme must yield only printable characters, but you haven't said anything about wrapping. Probably the mapping should just wrap, as in ..., 125, 126 --> 32, 33, ...

    FYI:

       0 nul    1 soh    2 stx    3 etx    4 eot    5 enq    6 ack    7 bel
       8 bs     9 ht    10 nl    11 vt    12 np    13 cr    14 so    15 si
      16 dle   17 dc1   18 dc2   19 dc3   20 dc4   21 nak   22 syn   23 etb
      24 can   25 em    26 sub   27 esc   28 fs    29 gs    30 rs    31 us
      32 sp    33  !    34  "    35  #    36  $    37  %    38  &    39  '
      40  (    41  )    42  *    43  +    44  ,    45  -    46  .    47  /
      48  0    49  1    50  2    51  3    52  4    53  5    54  6    55  7
      56  8    57  9    58  :    59  ;    60  <    61  =    62  >    63  ?
      64  @    65  A    66  B    67  C    68  D    69  E    70  F    71  G
      72  H    73  I    74  J    75  K    76  L    77  M    78  N    79  O
      80  P    81  Q    82  R    83  S    84  T    85  U    86  V    87  W
      88  X    89  Y    90  Z    91  [    92  \    93  ]    94  ^    95  _
      96  `    97  a    98  b    99  c   100  d   101  e   102  f   103  g
     104  h   105  i   106  j   107  k   108  l   109  m   110  n   111  o
     112  p   113  q   114  r   115  s   116  t   117  u   118  v   119  w
     120  x   121  y   122  z   123  {   124  |   125  }   126  ~   127 del
    

    -

    Who puts a space in a password anyway?

    If you use a small phrase, it isn't uncommon: "I @ate* ?asswds!"

  • jchiar
    Community Member
    edited February 2017

    Sure, wrapping would work. I get that!
    A space is visible unless it's at the beginning or end. Perhaps if you have a space in the beginning or end you could print the password in leading or ending in a color like red?

  • MrC
    Volunteer Moderator

    @jchiar ,

    I don't think color-coding a space is a good idea: 1) it relies on color printers for printouts, 2) a colored-space isn't visible, unless the font's background color is also set (and that means making special CSS properties, etc. for this very singular case), 3) depending upon font and font weights, you may not know if you have one, two, three spaces in a row, and 4) it feels like a kludged special-case to an ill-conceived visible character encoding scheme.

    I could use a special delimiter token to handle spaces.

    Let's be clear here - this is your encoding scheme, that you and yours have to deal with. I'm trying to push you to make it well-defined, as it appears you've not thought this through very carefully, and I don't want to do work on this until you have a clear idea that you can communicate to me exactly what you want / need. (I'm still waiting for that definitive statement from you on how to handle the edge cases!).

    My (very long) experience tells me you don't want to rely on printable characters when you encode like this - instead, you should rely on numerical representations (like I suggested above using hex digits instead of ASCII characters), because the encoding is non-ambiguous as yours has turned out to be.

    So, I'll await your final, full specification on what you actually want...

  • jchiar
    Community Member
    edited February 2017

    Printing out hex values would work just fine. I'm including the ASCII table in the paperwork. That gets rid of the space issue. In the edge cases, you mentioned wrapping back 125, 126 --> 32, 33. Or 32 - 1 = 126. If you could base this all on an encoding key that adds up and repeats for the remaining characters, is that enough detail?

    I think I like the idea of
    If I enter 123 as the input, if a password had 12 characters it would encode the output like 123123123123 (add in 1 to the first character, 2 to the second character, 3 to the 3rd, 1 to the 4th etc). If it was a 5 digit password it would encode it with 12312. Get that? (I'll probably use a common PIN that my wife uses)

    All the user needs is the encoding offset (pin) and the table.

  • MrC
    Volunteer Moderator

    @jchiar,

    That's perfect.

    I'd already written the transcoding code. Example:

    $ perl x.pl '345' 'ZZZZZZ'
    WVUWVU

    $ perl x.pl '3459' 'ZZZZZZ'
    WVUQWV

  • jchiar
    Community Member

    Is the math function in the perl script? In the example above, is ZZZZ the actual password?
    I was thinking it might be easier to have the computer subtract the number, so the user can take the encoded password and add. (I think people find addition easier)

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    Yes, of course, the encoding will be done by the script - my command line above shows your encoding shift numbers (e.g. 345 or 3459), and a password (e.g. ZZZZZZ) as arguments, and the computed result.

    As hex, it will be:

    $ perl x.pl '345' 'ZZZZZZ'
    575655575655
    $ perl x.pl '3459' 'ZZZZZZ'
    575655515756
    
     00 nul   01 soh   02 stx   03 etx   04 eot   05 enq   06 ack   07 bel
     08 bs    09 ht    0a nl    0b vt    0c np    0d cr    0e so    0f si
     10 dle   11 dc1   12 dc2   13 dc3   14 dc4   15 nak   16 syn   17 etb
     18 can   19 em    1a sub   1b esc   1c fs    1d gs    1e rs    1f us
     20 sp    21  !    22  "    23  #    24  $    25  %    26  &    27  '
     28  (    29  )    2a  *    2b  +    2c  ,    2d  -    2e  .    2f  /
     30  0    31  1    32  2    33  3    34  4    35  5    36  6    37  7
     38  8    39  9    3a  :    3b  ;    3c  <    3d  =    3e  >    3f  ?
     40  @    41  A    42  B    43  C    44  D    45  E    46  F    47  G
     48  H    49  I    4a  J    4b  K    4c  L    4d  M    4e  N    4f  O
     50  P    51  Q    52  R    53  S    54  T    55  U    56  V    57  W
     58  X    59  Y    5a  Z    5b  [    5c  \    5d  ]    5e  ^    5f  _
     60  `    61  a    62  b    63  c    64  d    65  e    66  f    67  g
     68  h    69  i    6a  j    6b  k    6c  l    6d  m    6e  n    6f  o
     70  p    71  q    72  r    73  s    74  t    75  u    76  v    77  w
     78  x    79  y    7a  z    7b  {    7c  |    7d  }    7e  ~    7f del
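
The scheme the thread settles on (repeating digit key, subtraction, wrap within printable ASCII 32 to 126, hex output), as an added example; this is not MrC's Perl script or the onepif converter's code, and all function names are assumptions. `recover_shifts` illustrates the security-by-obscurity point from the first reply: one known password beside its printed form gives back the key digits.

```python
LO, HI = 32, 126          # printable ASCII range quoted in the thread
SPAN = HI - LO + 1        # 95 symbols, so shifts wrap modulo 95


def _shifts(key, n):
    """Repeat the digit key to length n, e.g. '345' -> 3,4,5,3,4,..."""
    if not (key and key.isascii() and key.isdigit()):
        raise ValueError("key must be a non-empty string of digits 0-9")
    return [int(key[i % len(key)]) for i in range(n)]


def _shift(text, key, sign):
    out = []
    for ch, k in zip(text, _shifts(key, len(text))):
        code = ord(ch)
        if not LO <= code <= HI:
            raise ValueError(f"character {code:#04x} is outside 32..126")
        # Wrap inside the printable range: 32 - 1 -> 126, 126 + 1 -> 32.
        out.append(chr(LO + (code - LO + sign * k) % SPAN))
    return "".join(out)


def encode(password, key):
    """Subtract each key digit, matching 'ZZZZZZ' -> 'WVUWVU' in the thread."""
    return _shift(password, key, -1)


def decode(printed, key):
    """Reader's side: add each key digit back."""
    return _shift(printed, key, +1)


def encode_hex(password, key):
    """Two hex digits per character, so spaces are unambiguous on paper."""
    return encode(password, key).encode("ascii").hex()


def decode_hex(printed_hex, key):
    return decode(bytes.fromhex(printed_hex).decode("ascii"), key)


def recover_shifts(password, printed_hex):
    """Shifts implied by one known password and its printed hex form."""
    printed = bytes.fromhex(printed_hex)
    return [(ord(p) - c) % SPAN for p, c in zip(password, printed)]
```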
    
  • jchiar
    Community Member

    Looking awesome!

  • MrC
    Volunteer Moderator
    edited February 2017

    @jchiar ,

    How's this, using the key "345" ?

    perl convert_to_1p4.pl onepif -v --format html_pwencode --encodekey 345 login.1pif

    It is available for you to try in the 1.10 release in Testing Bits. Command line above shows how to use it.

    Note: I'm only encoding the login password for now - once you're satisfied, I'll add the few lines of code to encode any field that is of type Password.

  • jchiar
    Community Member

    Been trying to get this to work but can't get past the following
    JoeChiarelliMBPRO:convert_to_1p4 jchiar$ perl convert_to_1p4.pl onepif -v --format html_pwencode --encodekey 345 /Users/jchiar/Desktop/pass.1pif/data.1pif
    Error: failed to load converter module 'onepif'
    Can't locate XML/Simple.pm in @INC (you may need to install the XML::Simple module) (@INC contains: /opt/local/lib/perl5/site_perl/5.24/darwin-thread-multi-2level /opt/local/lib/perl5/site_perl/5.24 /opt/local/lib/perl5/vendor_perl/5.24/darwin-thread-multi-2level /opt/local/lib/perl5/vendor_perl/5.24 /opt/local/lib/perl5/5.24/darwin-thread-multi-2level /opt/local/lib/perl5/5.24 .) at Converters/Onepif.pm line 25.
    BEGIN failed--compilation aborted at Converters/Onepif.pm line 25.
    Compilation failed in require at convert_to_1p4.pl line 38.

    Usage: convert_to_1p4.pl

    Select a converter:
    clipperz csv dataguardian datavault essentialpim ewallet fsecurekey handysafe ironkeyim
    keepass2 keepassx keeper keychain keyfinder lastpass licensekeeper msecure nortonis
    onepif passpack passwordagent passworddepot passwordsafe passwordsplus passwordwallet
    roboform safeincloud safewallet spbwallet splashid stickypassword truekey txt2notes vcard
    wallet4 yojimbo

    Select one of the converters above and add it to the command line to see more
    complete options. Example:

    perl convert_to_1p4.pl ewallet --help
    

    JoeChiarelliMBPRO:convert_to_1p4 jchiar$

This discussion has been closed.