Changed master password, but new encryption does not get pushed to Dropbox

I've changed my master password to something more secure via the "Change Master Password…" button in the settings. After doing that, I was waiting for Dropbox to update, but only 3 small files were updated for a few seconds.

The 1Password.agilekeychain file/folder is 35 MB so I don't think the entire update got pushed through. Does this mean that all my entries are still encrypted with the old less secure password in the cloud? How do I fix this?

Mac OS 10.8.3
1PW 3.9.6 (39600.038)
Dropbox 2.0.5


  • khadkhad Social Choreographer

    Team Member
    edited June 2013

    When you enter your master password, 1Password attempts to decrypt the encryption key which is 1024 bytes of random data generated when the data file was created. If the master password is correct, then the key is provided. Otherwise, nothing is returned. When you change your master password, only the encryption key needs to be changed because of this. What you saw Dropbox upload was the encryption key. (Well, technically three copies of it: encryptionKeys.js, 1password.keys, and .1password.keys.)

    You can read more about this in the User Guide:

    Agile Keychain Design

    Here is a relevant bit from the "Hierarchy of Encryption Keys" section:

    In order to allow you to change your password without needing to decrypt and re-encrypt the entire Agile Keychain, an encryption key hierarchy was created. Instead of encrypting data with the password directly, a random key of 1024 bytes is used. This password is generated by cryptographically appropriate random number generators, relying in part on true random numbers where the operating system supports that. This key is stored in the encryptionKeys.js file, encrypted using PBKDF2 from the user's master password.

    If we can be of further assistance, please let us know. We are always here to help!

This discussion has been closed.