Two layers of security (sparsebundle) problem...

lagreca
Community Member

I recently had the idea of creating an encrypted sparsebundle in Dropbox, and storing my 1Password vault within the sparsebundle. That is where I will keep all of my really sensitive information. This way if Dropbox, sparsebundle, or 1Password ever have a major compromise, I will be protected by the other layers, at least for this very sensitive information.

The problem occurs when I open 1Password: it prompts for the sparsebundle password (to mount it, which is expected), but if I click cancel several times to avoid mounting the sparsebundle, I can still switch to the protected vault and see the data within it, even withOUT the sparsebundle being mounted or 1Password having access to the vault!

This concerns me, because I thought that my super secure data was ONLY accessible if the vault was accessible and unlocked! Is this the expected behavior? Is there another way to accomplish having a super secret vault?


1Password Version: 1Password 6 Version 6.7.1 (671001) AgileBits Store
Extension Version: 4.6.5.90
OS Version: 10.12.4
Sync Type: DropBox

Comments

  • AGAlumB
    1Password Alumni

    @lagreca: First, don't do this. It's completely unnecessary (all three are using AES encryption, so if a flaw is found it will affect them all), and it can cause issues if anything goes wrong with a link in the chain. Imagine that the sparsebundle gets damaged; you won't be able to access your 1Password data either. It's just a lot of moving parts, and none of these things were designed with this in mind.

    But more importantly, 1Password keeps an encrypted internal database in its Application Support folder. This contains all of the data you have stored in 1Password (as opposed to single vaults, which you'd be syncing with a local folder in Dropbox). It's important to note that your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data.

    Suffice to say, the only way you can access anything in 1Password is by unlocking it with your Master Password, which in turn is used to decrypt the data. So 1Password already gives you a "super secret vault" without the need to jump through these hoops. I hope this helps. Be sure to let me know if you have any other questions! :)

  • lagreca
    Community Member

    @brenty - Thank you for the reply!

    You're assuming the flaw would be in AES encryption for these services, but software is complicated, and flaws can be exploited in more than one way. Just ask LastPass (https://goo.gl/X0x7HP) about the various ways their service was exploited. I know you guys are good, but as with all software it's not a matter of "IF", but "WHEN" it will be exploited. I'm just trying to wrap up my more sensitive data in another layer of protection.

    As far as using a sparsebundle, how would this be any different from storing a 1Password vault on a removable thumb drive? Is that also frowned upon?

    To me this functionality, of showing unencrypted vault information when the vault is no longer available, seems more like a bug or security risk. I really think that AgileBits should consider flushing their own internal database of information when the vault file is no longer accessible. I would also like to see better handling of multiple vaults, when they don't all exist in the same location, and are not always available, like when they are stored on removable media.

    I'd also like to see better security on the Mac version of your software, where multiple vaults with different passwords are NOT all opened by a single password. For those who don't know, I'm referring to the PC version of 1Password, which requires you to unlock each vault individually, whereas in the Mac version a single vault password will unlock all currently used vaults.

    Thanks again!

  • Ben
    edited May 2017

    > You're assuming the flaw would be in AES encryption for these services, but software is complicated, and flaws can be exploited in more than one way.

    Excellent point. AES has been pounded on for many years by folks with lots of money (e.g. governments). It all comes down to implementation.

    > I'm just trying to wrap up my more sensitive data in another layer of protection.

    Understood, but please be aware this is not a supported configuration, and in fact it will almost definitely cause you difficulties sooner or later.

    You may want to look at our 1Password.com service, which does offer another layer of protection... the Secret Key is used in conjunction with your Master Password to encrypt your data:

    About your Secret Key

    This protects you even if:

    A. All of the data is stolen off of our servers and
    B. You were using a somewhat insecure Master Password

    Obviously we recommend avoiding B, and have taken extensive measures to prevent A, but as you say... software is complicated.

    You can read more about the security design of our 1Password.com service here:

    1Password Security Design White Paper

    > As far as using a sparsebundle, how would this be any different from storing a 1Password vault on a removable thumb drive? Is that also frowned upon?

    Yes. We don't recommend storing your 1Password sync file on a removable or network volume.

    > To me this functionality, of showing unencrypted vault information when the vault is no longer available, seems more like a bug or security risk.

    It isn't that the vault is no longer available... it is the sync file that is no longer available. The vault(s) are stored in a sqlite database. The opvault or agilekeychain files are just sync files (for 1Password 6 for Mac, anyway; other platforms handle differently).

    This isn't something we're going to change at this point. The benefits of this setup, we feel, outweigh any possible downsides. Additionally, our focus is on our 1Password.com membership offering, where sync files are not used.

    > where multiple vaults with different passwords, are NOT all opened by a single password

    Thank you for the feedback. We implemented this setup after an overwhelming amount of feedback from customers who disagreed with you. I think you'll find you're in the minority here. The product is called "1Password," after all, as was pointed out to us numerous times before this was implemented. Most folks come to us because they don't want to have to remember multiple passwords. :)

    Thanks!

    Ben
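
The Secret Key point in the reply above (cases A and B), as an added sketch that is not part of the thread and is not 1Password's own key derivation: it assumes a simple PBKDF2 + HKDF + XOR combination to show why a weak Master Password cannot be confirmed from stolen server-side data alone. All names, parameters and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SECRET_KEY = b"EXAMPLE-SECRET-KEY-NOT-REAL-0001"  # high-entropy, stays on the user's devices
WEAK_PASSWORD = "sunshine1"                       # the "somewhat insecure" Master Password
WORDLIST = ["password", "sunshine1", "letmein"]   # common guesses


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine a slow hash of the password with a hash of the Secret Key (assumed scheme)."""
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    sk_part = hkdf_sha256(secret_key, salt, b"hypothetical-two-secret-kdf")
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def key_check_value(key: bytes) -> bytes:
    """Stand-in for server-side data that only the right key reproduces."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def password_confirmed_by(stolen_check: bytes, secret_key_guess: bytes):
    """Return the wordlist entry that reproduces the stolen value, or None."""
    for guess in WORDLIST:
        candidate = key_check_value(derive_key(guess, secret_key_guess, SALT))
        if hmac.compare_digest(candidate, stolen_check):
            return guess
    return None


# What a server-side copy would hold for the user with the weak password.
STOLEN = key_check_value(derive_key(WEAK_PASSWORD, SECRET_KEY, SALT))

if __name__ == "__main__":
    print("with the Secret Key:   ", password_confirmed_by(STOLEN, SECRET_KEY))
    print("without the Secret Key:", password_confirmed_by(STOLEN, bytes(len(SECRET_KEY))))
```

The same weak password that is confirmed immediately when the Secret Key is known yields no match when it is not, because the derived key depends on both inputs.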

This discussion has been closed.