Backup and Sync Security

Locker
edited March 2011 in iOS
justG wrote:

* If you've used the built-in "backup and restore" feature to save a backup copy of your 1Password data, you can use it again to restore that saved backup file. You can read more about our backup and restore option here:
http://help.agile.ws/1Password_touch/backup.html


I just happened to read this thread, for no special reason, and wanted to get some clarifications:

  1. The backup file is encrypted. Right? I assume the restore part will ask for a password. Is it the master password of the 1PW on the phone? I assume that the OP did not forget that password, just the 4-digit password. Otherwise, this recovery method would not help.


  2. So if I assumed correctly that the backup file is protected by the master password of the iPhone, is everything protected by that password? Including those entries that were protected on the iPhone only by the 4-digit code?
    ... and during the restore, do those entries get re-encrypted by the encryption key of the (new) 4-digit code?


  3. I've looked at Agile Keychain Design.

    and Backing Up and Restoring Your 1Password touch Data

    From the second reference:
    When 1Password on your device detects that there is a newer item on Dropbox, it will fetch that encrypted item from the Dropbox server. It will then use the master password for your Mac or PC to decrypt the item, and it will then immediately re-encrypt that for your database on your device.


    but it also says:
    1Password on your Mac doesn’t know the master password or unlock code for 1Password on your device, and 1Password on your device doesn’t know the master password on your Mac.
    So how can the iPhone "...use the master password for your Mac or PC to decrypt the item"?

  4. And now that everything starts to mix up in my mind: when the iPhone syncs with the Mac, the 1PW on the Mac is unlocked, and the 1PW on the iPhone is unlocked (by the 4-digit code), but the master password may not be provided yet, as seen in the history log "Master password was not entered, SL5 is not available". So how can 1PW on the iPhone re-encrypt updated entries that are 'guarded' by the longer password??

  5. I think I am missing something, because if Dropbox is being used, 1PW on the iPhone can read the data file on Dropbox which is written by 1PW on the Mac, but if the iPhone does not know the password of the Mac, how can it decrypt it (for re-encryption under its own key)?

    Well, reading more, I see:
    For 1Password to synchronize with Dropbox automatically, it will need access to the following three secrets:
    Your Dropbox credentials (email address and Dropbox password)
    Your master password for 1Password on your iOS device.
    Your master password for your data as stored on Dropbox.

    This can explain question [5], but also it seems that the iPhone DOES have the password of 1PW Mac?! (in the iOS keychain, not the 1PW datafile), so the 2nd quote in [3] above is not accurate (?)


Care to clarify? Thanks.

Comments

  • jpgoldberg Agile Customer Care

    Team Member
    edited April 2011
    These are great questions, Locker. I've been on a "watching my family ski" holiday, so I missed most of this discussion earlier.

    Locker wrote:

    The backup file is encrypted. Right? I assume the restore part will ask for a password. Is it the master password of the 1PW on the phone? I assume that the OP did not forget that password, just the 4-digit password. Otherwise, this recovery method would not help.

    The backups are encrypted using both the 4 digit unlock code and the master password. But the 4 digit unlock code provides no significant security once the data file is off the phone. We found that requiring the 4 digit code caused too many difficulties for people using the backup and restore mechanism to transfer their data between iPhone and iPad. So with only 1000 possible unlock codes to try, we simply get around unknown unlock codes.

    Let me digress here to re-state the purpose of the 4 digit code on the iPhone. It is not intended to provide an additional serious layer of security; instead it is to allow you to do something with 1Password on your phone without having to enter your master password. We added this because entering a good master password on an iPhone keyboard can be a chore. "Low security" is called that for a reason.

    So if I assumed correctly that the backup file is protected by the master password of the iPhone, is everything protected by that password? Including those entries that were protected on the iPhone only by the 4-digit code?
    ... and during the restore, do those entries get re-encrypted by the encryption key of the (new) 4-digit code?

    The "low security" items are only encrypted with the 4 digit unlock code. So if you have important low security items, it would be good to keep your backups in a safe place.


    but how can the iPhone "...use the master password for your Mac or PC to decrypt the item"?

    As you have read from the Agile Keychain Design document, your master password on the Mac and PC is used to encrypt and decrypt the actual decryption key on the Mac.

    The short answer is that your master password is never transmitted or stored (unless you explicitly store it in the iOS keychain for automatic Dropbox syncing). Indeed, once your master password is used to decrypt your key on the Mac, the master password is forgotten. So at the point of WiFi syncing, 1Password on your Mac doesn't even know your master password.

    How we do this is part of a longer answer which follows.

    When you first set up 1Password on iPhone, iPod or iPad, 1Password creates its own random 128 bit key. If you have used "sync with existing" to initially set it up using WiFi sync to 1Password on the Mac, 1Password on iOS will send that new key to the Mac (this all happens over an encrypted channel). 1Password on the Mac will then re-encrypt its data using that key and send that encrypted data back to 1Password on iOS. We do this encryption on the Mac on behalf of 1Password on iOS because it is faster and will have less of an impact on battery life to perform all this computation on the Mac.

    1Password on the Mac will then encrypt the iOS random key with your key on the Mac, which in turn is encrypted with your master password on the Mac. By then sending the encrypted Mac key and the newly encrypted iOS key back to 1Password on your iPhone you will only have encrypted keys stored in the 1Password data which can only be decrypted with knowledge of the master password you had on the Mac.

    Your master password was never transmitted, but because the encrypted key was transmitted the same master password is required to decrypt and use that key.

    One caution to be aware of is that depending on the keyboard entry characters like ñ or ő or л may not work the same on all platforms. 1Password treats all of these the same way on every platform, but different operating systems may actually pass different data to 1Password.


    it seems that the iPhone DOES have the password of 1PW Mac?!

    I know it seems that way, but that is just because the same process of going from your master password to the decryption key works on both the Mac and the iPhone; reusing the same encrypted data then allows this to happen.

    I hope that this clarifies things. And please continue with the great questions.

    Cheers,

    -j
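
The key chain described in the reply above (master password, then desktop key, then the device's random 128-bit key), together with its caution about characters such as ñ, as an added example that is not part of the thread and not AgileBits code. The PBKDF2 iteration count, the NFKD normalization step, the HMAC-based wrap standing in for a real key-wrap cipher, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, unicodedata

ITERATIONS = 10_000  # assumed for this sketch, not the product's setting

def derive_kek(password: str, salt: bytes, normalize: bool = True) -> bytes:
    # Normalizing first makes "ñ" typed as one code point or as n + combining
    # tilde produce the same bytes, and therefore the same key.
    if normalize:
        password = unicodedata.normalize("NFKD", password)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def wrap_key(kek: bytes, key: bytes) -> bytes:
    # Stand-in for a real key-wrap cipher: HMAC-derived pad plus an integrity tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(key)]
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_key(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key-encryption key")
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))

def make_bundle(master_password: str, ios_key: bytes, normalize: bool = True):
    # Desktop side: the password only feeds the KDF; the bundle holds wrapped keys.
    salt, desktop_key = os.urandom(16), os.urandom(16)
    kek = derive_kek(master_password, salt, normalize)
    return salt, wrap_key(kek, desktop_key), wrap_key(desktop_key, ios_key)

def open_bundle(master_password: str, bundle, normalize: bool = True) -> bytes:
    # Device side: re-derive the KEK locally, then unwrap the chain.
    salt, wrapped_desktop_key, wrapped_ios_key = bundle
    kek = derive_kek(master_password, salt, normalize)
    return unwrap_key(unwrap_key(kek, wrapped_desktop_key), wrapped_ios_key)

if __name__ == "__main__":
    ios_key = os.urandom(16)                       # constructed 128-bit device key
    nfc = unicodedata.normalize("NFC", "contrase\u00f1a")
    nfd = unicodedata.normalize("NFD", nfc)        # same text, different code points
    bundle = make_bundle(nfc, ios_key)             # password itself is not in the bundle
    print(open_bundle(nfd, bundle) == ios_key)
```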
  • penkapp Junior Member
    Jeff,
    Good stuff. If I understand you correctly, *NOT* storing your master password in the keychain would prevent the physical proof-of-concept iOS hack recently described by researchers in Germany. Correct?

    jpgoldberg wrote:

    The short answer is that your master password is never transmitted or stored (unless you explicitly store it in the iOS keychain for automatic Dropbox syncing). Indeed, once your master password is used to decrypt your key on the Mac, the master password is forgotten. So at the point of WiFi syncing, 1Password on your Mac doesn't even know your master password.
  • khad Social Choreographer

    Team Member
    edited April 2011
    Hi penkapp,

    Not having 1Password remember your master password (for automatic Dropbox syncing) may be theoretically safer in that it decreases an attacker's vectors of attack by exactly one, but on a practical level, it changes nothing. Phew! Right? :-)

    When reading press reports about that work done by researchers at Fraunhofer Institute for Secure Information Technology it is easy to get the impression that all information stored in the iOS keychains can be acquired by an attacker. But that isn’t true. Only keychain information that is stored in the weakest of “protection classes” is exposed. 1Password uses the strongest protection class, and so your credentials used to automatically sync your data with Dropbox remain secure. This includes your master password on your device, your Dropbox login information, and your master password for your data on Dropbox.

    Please take a look at the blog post Jeff wrote about that exact article (and the others like it) back when it was first published.

    I hope that helps. Please let me know if you have any additional questions or concerns!

    We are always here to help!
  • penkapp Junior Member
    Thanks for clarifying and the link.

    khad wrote:

    Hi penkapp,

    Not having 1Password remember your master password (for automatic Dropbox syncing) may be theoretically safer in that it decreases an attacker's vectors of attack by exactly one, but on a practical level, it changes nothing. Phew! Right? :-)

    When reading press reports about that work done by researchers at Fraunhofer Institute for Secure Information Technology it is easy to get the impression that all information stored in the iOS keychains can be acquired by an attacker. But that isn’t true. Only keychain information that is stored in the weakest of “protection classes” is exposed. 1Password uses the strongest protection class, and so your credentials used to automatically sync your data with Dropbox remain secure. This includes your master password on your device, your Dropbox login information, and your master password for your data on Dropbox.

    Please take a look at the blog post Jeff wrote about that exact article (and the others like it) back when it was first published.

    I hope that helps. Please let me know if you have any additional questions or concerns!

    We are always here to help!
  • brenty

    Team Member
    penkapp wrote:

    Thanks for clarifying and the link.


    No way: Thank you for bumping this thread so I didn't miss it! That was a good read, and some awesome questions and answers, you guys. I could always stand to learn a thing or two. :)
This discussion has been closed.