1Password and Wine, safety?

Lithi
Lithi
Community Member

Hello!

I recently switched to Ubuntu because I felt like I owed it to myself to be familiar with Linux. Anyways. Only reason I haven't switched earlier is because of the lack of a native 1Password client on Linux.

I easily managed to get it to run through Wine and sync with my Dropbox. I have no idea if the "Unlock on secure desktop" feature works properly, but I used it anyways and it pops up messagebox where I enter my password.

Anyways, things are working. But I'm wondering how safe it is to use 1Password this way? Is there anything I should take in to consideration?

Comments

  • RichardPayne
    RichardPayne
    Community Member

    That would depend on precisely how WINE has implemented the CreateDesktop function. It might just return the handle to current desktop, in which case using the 1Password Secure Desktop is no better and no worse than not using it. If it is creating a separate desktop and compositing the desktop's windows into the main user desktop then it would be more secure.

    I suspect that the first option is more likely but you'd have to ask the WINE guys to be sure. @svondutch, can you confirm that CreateDesktop is the function that you're using to open the Secure Desktop?

  • svondutch
    svondutch
    1Password Alumni
    edited March 2015

    @svondutch, can you confirm that CreateDesktop is the function that you're using to open the Secure Desktop?

    @RichardPayne Confirmed. It starts with this:

    hdeskOld := OpenInputDesktop(0, False, DESKTOP_SWITCHDESKTOP);

    Then we create a new desktop:

    hdeskNew := CreateDesktop(DESKTOP_NAME_1PASSWORD, nil, nil, 0, DESKTOP_CREATEWINDOW + DESKTOP_SWITCHDESKTOP, nil);

    Then we switch to this new desktop:

    Windows.SwitchDesktop(hdeskNew);

  • nekojira
    nekojira
    Community Member

    has someone figured out if the browser extensions can work with 1password running on WINE in Ubuntu?

  • RichardPayne
    RichardPayne
    Community Member
    edited May 2015

    Yes, they work @nekojira. The key thing that doesn't work is the Ctrl+\ shortcut. You have to click on the toolbar button. There's also an outstanding issue where the auto-lock on terminal lock doesn't work.

  • klosteraner
    klosteraner
    Community Member

    Completing the questions that have to be ask by somebody, who is not into the implementationdetails of wine/browserextension of 1Password:

    How safe is it to use the browserextension, having the mainprogramm emulated by wine?

    Is it safe at all or does one face the same problems by directly entering the mastercode without using "safe desktop mode"?

    I would appreciate a beginner friendly answer :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @klosteraner: I'll be honest: this is a bit outside of my wheelhouse.

    I use WINE, but I'm always amazed that it works at all, and I don't know enough about how it works to say what the risks are. But it seems to me that, since the traffic between the browser and the helper are encrypted that you should be in good shape...

    ..but then I don't know if WINE is caching anything on either end that might pose a problem from a security perspective.

    I'm bringing this up with the team to see if we can provide you some additional...okay, some real insight. ;)

  • RichardPayne
    RichardPayne
    Community Member

    in principle a compatibility layer like WINE could read and log everything you do and every piece of data you handle in an application, including your master password and encryption keys. That said, WINE is open source, and as far as I'm aware it does none of these things.

    It is also possible for there to be a bug in WINE that gives an intruder access they shouldn't have to the process.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @RichardPayne: Agreed. The great thing about open source is that the code can be audited...but most of us don't have the time to.

    Unfortunately there isn't a great deal of incentive for others to do so either in many cases -- similar to how a Google engineer discovered the Heartbleed bug, and only then did financial support for the maintenance of OpenSSL pour in.

    Ultimately 1Password isn't supported on WINE, but the fact that such possibilities exist warms my nerdy little heart. :glasses:

This discussion has been closed.