TrueCrypt, Dropbox and Syncing

Dinesh8Dinesh8
edited May 2013 in iOS

Details:

  • iOS device model = iPad Mini
  • iOS device Version = 6.1.3 (10B329)
  • 1Password iOS Version = 4.2.1

I have just purchased the above iOS 1Password App for my iPad Mini. It has been a great experience using it and I feel happy I purchased it, especially at a discounted rate.

I love to use 1Password with DropBox sync and it has been great so far. However, I am facing a tough time to secure my 1Password KeyChain with "TrueCrypt". I have no problems creating a Mountable Container but I do have difficulties in Syncing 1Password data across Mac and iPad after placing the Container with KeyChain file in Dropbox.

I am very sure I have made a mistake somewhere and would appreciate it a lot if you could show me the right method to place the KeyChain file into TrueCrypt Container and ultimately Sync it into DropBox ?

I understand that this extra TrueCrypt step isn't necessary but I'm doing it for my peace-of-mind as I deal with sensitive data related to my company. At the same time there are frequent stories on news highlighting that hackers are able to crack Hashed Passes (which contains 16key symbols, numbers and etc). Below link has the story which I'm sure AgileBits would have learnt about already.

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Comments

  • khadkhad Social Choreographer

    Team Member

    You are correct when you say that this step is not necessary. Your 1Password data file is already designed to withstand sophisticated, targeted attacks such as those from the preeminent password cracking tool John the Ripper.

    If you encrypt your data file with another layer of encryption, the mobile devices will not be able to read the data file since they are not designed to decrypt TrueCrypt containers on top of the encryption that is already in place protecting your data.

    From the moment we designed the Agile Keychain data format we ensured that it was able to withstand an attack should your data fall into the wrong hands, either as a result of a Dropbox breach or if someone physically stole your computer. As such, we use AES encryption with PBKDF2 key strengthening to protect your sensitive 1Password data as well as many other mechanisms to stop an attacker from ever accessing your information and we detail this here:

    Security of storing 1Password data in the cloud

    So, as long as you use a secure master password that you don't use elsewhere, your 1Password data is incredibly safe even when stored on a service like Dropbox. If you're not sure about the strength of your master password, please do take a look at our recent blog post on this:

    Toward Better Master Passwords

    I can't think of many better ways to show just how strongly 1Password protects your data than by pitting it against the pre-eminent password cracking tool John the Ripper. We did exactly that:

    1Password is Ready for John the Ripper

    But the choice is yours to make. You can sync via USB if you are cloud averse. :)

    1Password USB Syncing

    If we can be of further assistance, please let us know. We are always here to help!

This discussion has been closed.