1Password weakest links

nils_enevoldsen
Community Member

I'd be interested to read a section in the whitepaper about what you think the weakest links are in your security model. In other words, supposing I am not an especially high-value target, and supposing my 1Password vault is breached, what is the most likely way that happened?

If I'm a high-value target, then pwning me is easy. The intelligence services just "look over my shoulder" with video camera surveillance of my fingers on the keyboard, or a zero-day OS exploit, or whatever.

If I'm not a high-value target, I suspect the weakest link is still something local. Maybe something like a keylogger and data exfiltration program that gets installed via a compromised update of some app I have on my computer, for example. Then the attackers vacuum up thousands of [secret-key-decrypted] vaults and [keylogged] master passwords, and I happen to be one of the fish caught in the net.

Assuming it's not something local, what's the most likely scenario?

  1. There is a heretofore unknown fundamental weakness in the cryptographic algorithms used by 1Password. An advanced adversary steals vaults from AgileBits via zero-day exploits of AgileBits's server infrastructure, and uses the identified weakness to crack all the vaults.
  2. AgileBits is infiltrated by intelligence services, or an employee becomes disgruntled and goes rogue. To collect secret keys and master passwords, that employee subtly weakens or backdoors 1Password without other engineers realizing.
  3. In 2018, an adversary steals vaults from AgileBits via some exploit of AgileBits's server infrastructure. They leak to the public. In 2024, AgileBits switches to an efficient post-quantum algorithm. In 2027, there is a quantum computing breakthrough. An adversary uses Shor's algorithm on a quantum computer to decrypt the stolen vaults from 2018. Many of the passwords still work.
  4. There is an innocent bug in a 1Password app or the implementation of PAKE+2SKD. It is a bad bug. It turns out that absolutely everything is leaking through the scroll lock LED or whatever. Oops. You didn't consider that kind of bug. Donald Rumsfeld mumbles about "unknown unknowns".
  5. AgileBits has actually been a front by intelligence services all along.
  6. ?

(I mean, clearly it's #5. But supposing it's not. ;) )


Comments

  • Hi @nils_enevoldsen,

    I like the way you think! You should come work for us (not kidding!).

    This is something we also think about every day.

    There is a heretofore unknown fundamental weakness in the cryptographic algorithms used by 1Password. An advanced adversary steals vaults from AgileBits via zero-day exploits of AgileBits's server infrastructure, and uses the identified weakness to crack all the vaults.

    I do not worry about this one because there is not much we can do about it. We just try to "not invent our own crypto". It is also one of the reasons we stick with PBKDF2 for now instead of trying the newer but less proven options.

    AgileBits is infiltrated by intelligence services, or an employee becomes disgruntled and goes rogue. To collect secret keys and master passwords, that employee subtly weakens or backdoors 1Password without other engineers realizing.

    This is certainly one of the more possible scenarios, especially now that we are growing quickly and have over 100 people in the company. GitHub helps here a bit: we protect the master branch until the pull request is approved by a peer. So you need 2 employees working on the same team.

    In 2018, an adversary steals vaults from AgileBits via some exploit of AgileBits's server infrastructure. They leak to the public. In 2024, AgileBits switches to an efficient post-quantum algorithm. In 2027, there is a quantum computing breakthrough. An adversary uses Shor's algorithm on a quantum computer to decrypt the stolen vaults from 2018. Many of the passwords still work.

    Not sure about this one :) This scenario also reminds me of some of the "competing" products that do not provide end-to-end encryption and were hacked in 2017 :scream: It would be interesting to see what happened to their customers. I personally do not understand how they are still in business.

    There is an innocent bug in a 1Password app or the implementation of PAKE+2SKD. It is a bad bug. It turns out that absolutely everything is leaking through the scroll lock LED or whatever. Oops. You didn't consider that kind of bug. Donald Rumsfeld mumbles about "unknown unknowns".

    We always try to think that we have these bugs. It keeps us alert :) And we try to have more than one level of protection.

    AgileBits has actually been a front by intelligence services all along.

    Let's ask Snowden, he'd know :)

    It is not the sexiest answer but at the moment, the weakest link in 1Password is people forgetting their master passwords. It happens pretty much every day and people lose access to their data, unfortunately.
  • nils_enevoldsen
    Community Member

    I appreciate the response, @roustem! I'm glad you took my questions seriously and didn't feel attacked by them. Probably a good attitude for a security professional.

    I do not worry about this one because there is not much we can do about it.

    Multiple encryption is a partial mitigation, right? I think 1Password makes use of that in some cases.

    GitHub helps here a bit, we protect master branch until the pull request is approved by a peer. So, you need 2 employees working on the same team.

    Code review seems necessary but also insufficient. My guess is that the mole would act earlier (architectural decisions, algorithm choices, etc.) or later (serving compromised binaries by diverting some requests to an external server, working with a fellow mole at Google to serve a compromised binary through the Play Store, etc.). A good mole can look over your shoulder to get your credentials, and probably misuse them in nefarious ways within the AgileBits infrastructure itself, such as signing all these compromised binaries with valid AgileBits signatures. It seems like an NSA mole could probably do some very insidious things given time and careful thought.

    I'm curious, do you think thorough background checks on employees are worthwhile?

    I like the way you think! You should come work for us (not kidding!).

    Do you need an economist? 8-)

    (Do you need an NSA mole? ;) )

  • Code review seems necessary but also insufficient. My guess is that the mole would act earlier (architectural decisions, algorithm choices, etc) or later (serving compromised binaries by diverting some requests to an external server, working with a fellow mole at Google to serve a compromised binary though the Play Store, etc

    Yes. I agree. The build and distribution is certainly a weak point that could be attacked. It is probably easier to do than trying to sneak malicious code directly into the master branch. An additional thing we are currently discussing internally is to set up one or more independent servers (run by different teams) that could periodically verify the integrity of the code that is being distributed. This would be especially important for the web client that changes more often.

    Do you need an economist? 8-)

    We certainly need people who can write and communicate well! They are often harder to find than developers 😄

    (Do you need an NSA mole? ;) )

    That would explain quite a bit 🤔
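The independent verification server described in the reply above (a team other than the one shipping the code periodically checks that what is actually being served matches the release) can be sketched as a small integrity monitor. The example below is added here for illustration and is not AgileBits or 1Password code; it assumes a release-time manifest of SHA-256 digests and uses constructed in-memory bundles in place of files fetched over HTTPS from the CDN or web-client origin.

```python
"""Integrity monitor for a distributed web-client bundle (illustrative, not vendor code).

Release time: the shipping team records the SHA-256 digest of every file in
the bundle in a manifest. Monitoring time: an independent team's server
fetches what is actually being served and compares it against that manifest,
reporting modified, missing and unexpected files. In a real deployment the
manifest would be signed by the release team and obtained from a different
origin than the served bundle, so the monitor does not trust the serving path.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a served file's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Release-time step: path -> expected digest for every file in the bundle."""
    return {path: sha256_hex(content) for path, content in sorted(files.items())}


@dataclass
class Finding:
    path: str
    kind: str  # "modified", "missing" or "unexpected"
    expected: Optional[str]
    observed: Optional[str]


def verify_served(manifest: Dict[str, str], served: Dict[str, bytes]) -> List[Finding]:
    """Monitoring step: compare the served bundle against the trusted manifest."""
    findings: List[Finding] = []
    for path, expected in manifest.items():
        if path not in served:
            # A file from the release is no longer being served at all.
            findings.append(Finding(path, "missing", expected, None))
            continue
        observed = sha256_hex(served[path])
        if observed != expected:
            # Served content differs from what was released.
            findings.append(Finding(path, "modified", expected, observed))
    for path in sorted(served):
        if path not in manifest:
            # Something is being served that the release never contained.
            findings.append(Finding(path, "unexpected", None, sha256_hex(served[path])))
    return findings


def audit(manifest: Dict[str, str], served: Dict[str, bytes]) -> dict:
    """One monitoring run: ok flag plus findings suitable for alerting/logging."""
    findings = verify_served(manifest, served)
    return {"ok": not findings, "findings": findings}


# Constructed sample release (stand-in for a real web-client build).
RELEASE_FILES: Dict[str, bytes] = {
    "index.html": b"<html><script src='app.js'></script></html>",
    "app.js": b"// constructed sample client code\nconsole.log('hello');\n",
}
MANIFEST = build_manifest(RELEASE_FILES)

# Constructed sample of a drifted deployment: app.js differs and an extra file appears.
SERVED_TAMPERED: Dict[str, bytes] = dict(RELEASE_FILES)
SERVED_TAMPERED["app.js"] = RELEASE_FILES["app.js"] + b"// unexpected extra line\n"
SERVED_TAMPERED["loader.js"] = b"// file not present in the release\n"


if __name__ == "__main__":
    for label, served in (("clean", RELEASE_FILES), ("drifted", SERVED_TAMPERED)):
        result = audit(MANIFEST, served)
        print(f"{label}: ok={result['ok']}")
        for f in result["findings"]:
            print(f"  {f.kind:<10} {f.path}")
```

A monitor like this is only as trustworthy as its copy of the manifest, which is why the reply stresses that the verifying servers be run by different teams: the manifest path and the serving path should not share an operator or a credential set.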

  • nils_enevoldsen
    Community Member

    An additional thing we are currently discussing internally is to set up one or more independent servers (run by different teams) that could periodically verify the integrity of the code that is being distributed.

    I like this proposal. 👍

  • AGAlumB
    1Password Alumni

    Indeed, every bit helps! We use a lot of "layers" here at AgileBits, both the more public stuff, like our security model for 1Password.com, and less publicly with checks and balances, and compartmentalizing things so that each of us only has access to the stuff we absolutely need to, which results in fewer potential security holes — especially with regard to the human element. A hundred people doesn't seem like a lot (though, try to get all of them in a single place for a conference and it feels different!), but if they all have access to the code that's a lot more opportunity for an attacker to get a foothold by compromising one of their accounts. So it's stuff like this that we spend a lot of time thinking about. And with security-conscious customers like you and others — especially here on the forums — it makes for some fascinating discussions too. :chuffed:

  • nils_enevoldsen
    Community Member

    Thank you for the thoughts, @brenty! Indeed, one of the reasons I'm confident in AgileBits is precisely because I assume it's filled with security-conscious employees who think hard about both internal and external security. Anything I've thought of is something an AgileBits employee has already thought of, and because they're security-conscious, they've acted on it if they think it's necessary to do so. So keep doing you. I'll keep supporting you. :smile:

  • AGAlumB
    1Password Alumni

    Thanks so much for your support! We couldn't do what we do without you and the rest of our awesome customers. :chuffed:

This discussion has been closed.