Questions about the White Paper

This discussion was created from comments split from: White paper clarifications.


  • Hey there! Also just reading the whitepaper. What exactly is the public salt "from local storage"? Only looking at my e-mail address, master password and account key, I am not quite sure how this comes into play. How do I get (only from these three components) this so called salt? It must stem from one of these components, since the salt (I assume) can't change because otherwise the master unlock key would always be a different one.

  • brentybrenty

    Team Member
    edited November 2016

    @taccuino: It sounds like you're referring to the following section, describing where the encryption keys come from (p21 — apologies for the formatting):

    Key Derivation

    2: (k A, e, I, s)←AccountKey, emailaddress, ID, salt from local storage

    This is referring to the fact that the salt is used to generate the keys locally on your device, rather than using information from the server. You can read more details on page 15. I hope I'm not misunderstanding your question. Be sure to let us know if you have others! :)

  • Yes, exactly. I was wondering where the salt is actually stored? In the vault maybe?

    And another question: If I were to have a look at the vault, where it is located on my drive? I would like to have a look at the file, maybe write a simple command line interface for learning purposes that is able to retrieve a password out of the vault file.
    Is it a physical file or is it stored in a sqlite database? How could I access my personal fault (and I mean the vault which syncs up to 1password where the Account key is necessary, not the other vault which can be synced to dropbox e.g.)

  • brentybrenty

    Team Member

    @taccuino: The salt is not kept permanently; rather, it's used as "seasoning" to create the keys initially. It's merely one "ingredient" for making your data secure — which brings me to the next point: Your data is encrypted. You can find the monolithic databases for all vaults (either local or cached from the server) in 1Password's support folder, but they won't make for a very compelling read. As far as the exact path, that will depend on which version you're using.

This discussion has been closed.