Does 1Password continue to provide zero knowledge cloud storage support?
I have read previous questions and answers regarding the same topic and I have closely read "About the 1Password security model" (https://support.1password.com/1password-security/) and the "1Password Security Design" whitepaper.
While the whitepaper specifically talks about the risk of compromise through law-enforcement, secret service and malicious third parties on page 55, it does not address how to mitigate this risk. The security problem I see here is that Agile Bits is one court order in combination with a gag order or one web server remote login vulnerability away from patching your website so that all passphrases are logged, enabling the attacker to access all secrets in a Vault. Therefore, I'd rather store the encrypted data on a third party's server (or my own) and have you modify your attacker model accordingly, thereby making it a lot harder for an attacker to gain access to the encryption keys and the data at the same time. From reading https://support.1password.com/sync-options-security/ which specifies that external services and the WLAN sync can be used with 1password and https://support.1password.com/wlan-server/ stating that the WLAN server is not available in 1password 6, I gather that only parts of the security model are available in each 1password release currently available for download. It's difficult to discern which versions are fully supported and will continue to receive support from Agile Bits.
So I hope that I can get straight-forward answers to the following questions:
- Is there a way to use the most recent official 1password release as a password-manager that guarantees that Agile Bits can not come into possession of any of the encrypted data? Ideally without a 1password.com account?
- Is there a way to use the most recent official 1password release as a password manager that guarantees that Agile Bits can not come into possession of any of the decrypted data? Ideally without a 1password.com account?
- Am I correct to assume that only local vaults, which as far as I know will come back with 1password 7, will again allow for the above security model?
- Will those local vaults support sync over external services and/or wifi again? Are there clear plans to bring this functionality back?
In any case, I would like to make the following suggestions:
- I would love support for the https://remotestorage.io/ RemoteStorage API, to allow for decentralized per-user storage on our own servers. This would also remove the need for the WLAN server, or rather, the WLAN server could be replaced with an implementation of the RemoteStorage API in 1password.
- I would love the option as an organization to completely disable the use of the 1password browser-based services and cloud services.
- Finally, are there plans to improve the implementation of Vault key rotation? It would be much better if we could enforce the removal of access for multi-user Vaults by enforcing key rotation through the click of a button, instead of manually transferring secrets into a new Vault.
I apologize if I missed places in the documentation where the above questions are addressed. I wasn't able to find them. Thank you for your time and help. 1password definitely offers good documentation and at least addresses the challenges in its data model openly. I hope you understand that I only mean to improve your product :).
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Is there a way to use the most recent official 1password release as a password-manager that guarantees that Agile Bits can not come into possession of any of the encrypted data? Ideally without a 1password.com account?
Yes and no.
- You can currently purchase a standalone version of 1Password for Mac which doesn't require a 1Password.com account.
- 1Password have promised to allow 1Password 7 for Windows to be purchased standalone without an account but there's no date on when this will be released nor any indication on the pricing.
Is there a way to use the most recent official 1password release as a password manager that guarantees that Agile Bits can not come into possession of any of the decrypted data? Ideally without a 1password.com account?
See above.
However, with or without a 1Password account you have to trust that AgileBits haven't introduced any backdoors because (if they have) then your data could be surreptitiously exfiltrated.
Am I correct to assume that only local vaults, which as far as I know will come back with 1password 7, will again allow for the above security model? Will those local vaults support sync over external services and/or wifi again? Are there clear plans to bring this functionality back?
Local vaults have been guaranteed to be reintroduced with 1Password 7 however it won't provide a perfect security model for the reason given above.
I would assume, although I don't know, that 1Password 7 will allow synchronisation over local external services and/or WiFi.
The security problem I see here is that Agile Bits is one court order in combination with a gag order or one web server remote login vulnerability away from patching your website so that all passphrases are logged, enabling the attacker to access all secrets in a Vault.
I'm not a Canadian lawyer and I can't advise you on whether the law in Canada allows gag orders. It's a valid concern and even if Candian law doesn't provide for gag orders, it's technically possible for them to do this.
My advice is, if your security model is as posited, then 1Password isn't and never will be the solution for you.
1Password satisfies my threat model but if your security needs are extremely high then your only sensible option is open source software such as KeePass. It's the only password manager that has been audited and approved by the EU. It's also free and works with any services you like.
0 -
I agree with @darrenNZ you have to assess your threat model and what you are comfortable with. Heck, you might even need to build your tool from source too just to make sure. I don't, but I don't know that you don't. Even with a dropbox as your sync model, who is to say someone doesn't pilfer it and look for every password manager database? Btw I believe that 1PW state they never transmit your master password, so that vulnerability would in theory not get your password. The authentication and the decryption of your data (locally) are separate though based on your secret key and password. So they would not get your passphrase and secret key. Authentication section of the white paper (assuming they are telling the truth... ;) )
Eu Report Comment:
lol... all bureaucrats make mistakes, this is my favorite section in that report. Can you spot the issueThreat (Medium): to exploit this functionality, it is necessary to have access to
the code.Vulnerability (Low): it is hard to find this vulnerability and to exploit it as well. It
is also not publicly known. <--- um they do now!!Impact (Medium): it can only affect local computers. The result of its occurrence
is a loss of data integrity and precision.0 -
You're right, 1Password do tout their inability to decrypt the data but that's only assuming they remain, as lawyers say, quamdiu se bene gesserint.
If 1Password were to go evil then they'd be able to exfiltrate data by capturing the master password or secret key for all or some accounts. I won't dwell on it further because it's purely hypothetical but ultimately, for closed source software, there's no way that @jdelic can confirm or deny this is what 1Password are doing (unless he's a programmer, cryptographer and expert debugger). Even if he's got all of those dazzling attributes he still wouldn't have access to the server-side code of 1Password.
Rich Icons are a good example. AgileBits admit that:
...we are not in a position to say that it would be impossible for us to collect such data if we were compelled to...
The specific workaround for that eventuality is to "turn Rich Icons off" but you can't disable Rich Icons until you've already 'downloaded' your database (that is: already sent your URLs to the server!)
KeePass has been examined a few times and whilst I use that EU report as an example, the code is out there for anybody competent to audit. I read your quotes:
it is necessary to have access to the code
Obviously KeePass is open source (hence how it was discovered) however they're pointing out that it's a pre-requisite to exploiting the vulnerability.
It is also not publicly known.
The vulnerability wasn't publicly disclosed until after it had been fixed.
Even more promising there were no critical or high-risk vulnerabilities found in KeePass.
1Password do have what they call 'Security Assessments' but they don't seem to be of the same detail that KeePass, and other password managers, have been subjected to. This is probably because 1Password wish to retain confidentiality of their intellectual property.
0 -
lol. I get that. If there is no trust for private vendors in certain (any?) jurisdictions, then a private vendor, regardless of what they post or say is inherently a nonstarter since none of them can ever be fully trusted. Full stop.
I trust them, but also assume the PAKE is valid, so even though the government could see that I go to/have been to macys.com or marks & spencers, they could not get my master password.
0 -
Hypothetically if 1Password were silently compelled (and complied) with a government demand then the PAKE could be captured. We're told that neither the software or the website transmits X and/or Y to AgileBits although this behaviour could be silently changed in this worst-case scenario.
Realistically if somebody is concerned about a state actor then 1Password isn't the solution for them.
You then have inherent vulnerabilities in, or pressure exerted on, Windows (Microsoft), Android (Google) or iOS (Apple) and if the operating system is compromised then apps like 1Password have no chance.
0