Old Master Password unlocking files

Fairgame
Community Member
edited May 2017 in Mac

I remember reading a post about 3 years ago, in the standalone version such as 1PW 4, all the keys created are from the original first master password. The side effect was that even with changed master password, the old master password was able to unlock the files - with some limitations. I cannot find the post to get more details.

Now with 1PW accounts, from reading the inner workings, I think the new master password creates new keys etc. and the old master password does not work any more.
Is that the case?

Thank you for explaining!



Comments

  • AGAlumB
    1Password Alumni

    > I remember reading a post about 3 years ago, in the standalone version such as 1PW 4, all the keys created are from the original first master password. The side effect was that even with changed master password, the old master password was able to unlock the files - with some limitations. I cannot find the post to get more details.

    @Fairgame: Thanks for reaching out! That's not quite accurate. The short version is that your Master Password never directly encrypts the items in your vault. That would actually make it much easier for someone to perform a brute force attack. Instead, the Master Password you choose is used to encrypt the randomly generated keys which are used to encrypt the items in your vault. Changing the Master Password re-encrypts these keys with the new Master Password. I think the confusion in this area is twofold:

    • Changing the Master Password does not re-encrypt all of the items in the vault, only the keys to encrypt them. This is also why changing the Master Password isn't a time-consuming process.
    • Because of this, any backups that you keep around can still be unlocked using the old Master Password, as that's what was used to encrypt them.

    But you can truly have a "clean slate" by creating a brand new vault with a new Master Password, copying the data over, and deleting the old vault/backups. But you'll want to make sure you have everything all set before deleting things permanently.

    > Now with 1PW accounts, from reading the inner workings, I think the new master password creates new keys etc. and the old master password does not work any more. Is that the case? Thank you for explaining!

    1Password.com works very similarly, only that there are a lot more encryption keys involved (since they are needed to facilitate key exchange between members when sharing vaults), and because the Secret Key is used along with the Master Password to encrypt. You can read more details on how all of this works in our white paper, and don't hesitate to ask any other questions you may have! :)
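
The key-wrapping behaviour described in the answer above, as an added Python sketch that is not part of the thread and is not 1Password's code or file format: a random vault key encrypts the items, the Master Password only wraps that key, and a backup made before the change still opens with the old password. The function names, dict layout and PBKDF2 iteration count are assumptions, and the HMAC-based cipher is a standard-library stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the Master Password (iteration count is illustrative).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    # Toy authenticated cipher (HMAC keystream + HMAC tag) standing in for AES-GCM.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong password or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def new_vault(password: str, items: list) -> dict:
    vault_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)  # random, not password-derived
    return {"salt": salt, "wrapped_key": seal(kek(password, salt), vault_key),
            "items": [seal(vault_key, i) for i in items]}

def unlock(vault: dict, password: str) -> list:
    vault_key = unseal(kek(password, vault["salt"]), vault["wrapped_key"])
    return [unseal(vault_key, i) for i in vault["items"]]

def change_password(vault: dict, old: str, new: str) -> dict:
    vault_key = unseal(kek(old, vault["salt"]), vault["wrapped_key"])
    salt = secrets.token_bytes(16)
    # Only the small wrapped key is re-encrypted; item ciphertexts are reused as-is.
    return {"salt": salt, "wrapped_key": seal(kek(new, salt), vault_key), "items": vault["items"]}

if __name__ == "__main__":
    items = [b"constructed login item", b"constructed secure note"]  # constructed sample data
    backup = new_vault("old master password", items)  # the file as it was backed up
    current = change_password(backup, "old master password", "new master password")
    print("current + new password:", unlock(current, "new master password") == items)
    print("backup  + old password:", unlock(backup, "old master password") == items)
    try:
        unlock(current, "old master password")
    except ValueError as err:
        print("current + old password:", err)
```

Because the vault key itself never changes in this sketch, the old backup plus the old password still yields the key that protects the current items, which is why the answer recommends a brand new vault and deleting old backups for a clean slate.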

  • Fairgame
    Community Member

    Thanks

  • Drew_AG
    1Password Alumni

    On behalf of Brenty, you're very welcome! We're here for you if you have more questions about 1Password. Cheers! :)

This discussion has been closed.