This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Dropbox paranoia: changing master password and deleting old versions

Docproc
Docproc Junior Member
edited August 2012 in Mac
Hi



I use 1Password across several devices, syncing with Dropbox. I have a strong, unique 1Password master password, and a strong, unique Dropbox password.



I was one of the people who received the email from Dropbox saying that my password had been reset. I assume this was because I hadn't changed it in a while.



I'm slightly concerned that Dropbox may not be telling the whole truth about the incident - they have a history of not coming clean - so what I want to do is:

1. Turn off 1Password/Dropbox syncing
2. Remove all old versions of my Agile keychain (with the old master password) from Dropbox
3. Change my 1Password master password
4. Re-sync with Dropbox, or possibly fall back to good ol' LAN syncing for a while

Have I got the steps right here?



Note that you have to go through an [url="https://www.dropbox.com/help/40/en"]extra step[/url] to [i]permanently[/i] delete files from Dropbox.



Thanks



Glenn.

Comments

  • Hi Glenn,

    Just listening in, I have no answers, effectively a clean secure recovery you're asking.

    That's an important question, even if one has not been possibly compromised.



    Walter
  • khad
    khad Social Choreographer
    edited August 2012
    Thanks for asking about this, Glenn. We have a blog post with the full scoop for 1Password users:



    [url="http://blog.agilebits.com/2012/07/31/password-reuse-dropbox/"]http://blog.agilebit...-reuse-dropbox/[/url]



    Please read the full post, but here is an especially pertinent bit:



    "Even if someone were to get a hold of your 1Password data through Dropbox or some other means, they would not be able to get your usernames, passwords, and other data stored within it without knowing your 1Password Master Password. But this is why [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]we designed the 1Password data format[/url] with the knowledge that some people may have their data files stolen. Indeed, just yesterday I wrote (in gory detail) just how well 1Password and your Master Password work together to [url="http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/"]resist even the most sophisticated password cracking tools[/url]."



    If you are concerned about the strength of your master password, you can always perform the steps you list above. I hope that helps. Please let me know if you have any other questions or concerns.
  • Docproc
    Docproc Junior Member
    edited August 2012
    Thanks Khad - I'd already read the blog posts you mention; as a loyal 1Password user I am of course subscribed to the Agile blog. :)



    I'm not especially concerned about the strength of my master password, but thought I should change it anyway in light of the (potential) Dropbox breach.



    Here's a hypothetical scenario:



    - user stores their 1Password file in Dropbox with a weak master password, and a Dropbox password that's reused elsewhere



    - user's Dropbox account is compromised due to password reuse



    - user changes 1Password master password to a strong one, and thinks they're now safe



    - however the old 1Password file, [i]with the weak master password[/i], is still available to the bad guys due to Dropbox's versioning feature



    I would suggest that 1Password should automatically clean out all old versions of the file on Dropbox when a user changes his/her master password. I know this is possible to do manually given the steps I outlined in my original post, but ideally 1Password would do it automatically. This is assuming that the Dropbox API allows the "delete all revisions" operation.



    Glenn.



    EDIT: I just used the "Stop using Dropbox" option in 1Password, and the file is no longer showing in Dropbox - however it is still there; clicking on "Show deleted files" in the Dropbox web interface shows it:



    [img]http://dl.dropbox.com/u/23033/1Password.png[/img]
  • khad
    khad Social Choreographer
    edited August 2012
    [quote]Thanks Khad - I'd already read the blog posts you mention; as a loyal 1Password user I am of course subscribed to the Agile blog. [/quote]

    Awesome! :D



    [quote]I'm not especially concerned about the strength of my master password, but thought I should change it anyway in light of the (potential) Dropbox breach.[/quote]



    You should only change your Master Password if it is weak and needs to be made stronger or if it is also used for something else. Your 1Password Master Password isn’t like a typical Login password, and so security advice that tells people to change passwords regularly does not apply to things like your 1Password Master Password.



    In technical terms your 1Password Master Password is an encryption password instead of an authentication password; the advice used for one does not apply to the other. Once you have a strong, memorable, and unique Master Password you should not change it.



    [quote]I would suggest that 1Password should automatically clean out all old versions of the file on Dropbox when a user changes his/her master password. I know this is possible to do manually given the steps I outlined in my original post, but ideally 1Password would do it automatically. This is assuming that the Dropbox API allows the "delete all revisions" operation.[/quote]

    This is certainly something that could be helpful. I think the root of the problem is that there is no way for 1Password to remove old versions of files from Dropbox since all 1Password is doing is writing to your local filesystem. Dropbox performs the syncing and stores the old versions. I'll see if I can't get some more information on this for you.
  • Docproc
    Docproc Junior Member
    edited August 2012
    [quote]I would suggest that 1Password should automatically clean out all old versions of the file on Dropbox when a user changes his/her master password. I know this is possible to do manually given the steps I outlined in my original post, but ideally 1Password would do it automatically. This is assuming that the Dropbox API allows the "delete all revisions" operation.[/quote]



    [quote name='khad' timestamp='1344036169' post='61238']

    This is certainly something that could be helpful. I think the root of the problem is that there is no way for 1Password to remove old versions of files from Dropbox since all 1Password is doing is writing to your local filesystem. Dropbox performs the syncing and stores the old versions. I'll see if I can't get some more information on this for you.

    [/quote]



    Dropbox has a REST API, but while there is a command to delete files, I'm not sure if it allows removal of previous versions, which is what would be needed. Plus there's the OAuth authentication to set up, so it's probably not straightforward.



    Perhaps an easier option would be to pop up a dialog box or reference to a help page suggesting that users use the Dropbox web interface to delete old versions at the end of the file moving process that happens when one clicks "Stop using Dropbox"?



    Glenn.
  • khad
    khad Social Choreographer
    As I mentioned above, at this time 1Password is not using any API but merely writing files directly to your local disk. The Dropbox client running on your machine is what handles all sync operations.



    This may change in the future, and we can certainly investigate this further at that time. For now, we'll definitely take your suggestion under advisement to offer some help in this area through the interface.



    Thanks for mentioning this!
  • sddawson
    sddawson Member
    I've been poring over security best practices, and have changed my 1password password to something strong. I sync using Dropbox. I understand that I should also delete from Dropbox all history for the files 1password.keys, .1password.keys and encryptionKeys.js, so that these can't be used to derive my encryption key using my old password. Anyone know the best way of doing this? The Dropbox web interface only seems to let you restore a previous version, not delete it. Maybe I can keep copies of those files on my Mac, delete them from Dropbox, delete them permanently on Dropbox to get rid of all traces, then copy them back on the Mac. Would this work? Is this the best way?



    Thanks for any tips...
  • khad
    khad Social Choreographer
    I've merged your post with this existing thread. Please see above and let me know if you have any additional questions. :)
  • sddawson
    sddawson Member
    Nobody got any advice on how to deal with old copies of the 1P files on Dropbox?
  • khad
    khad Social Choreographer
    Did you read the posts above (including and especially [url="http://forum.agilebits.com/index.php?/topic/10690-dropbox-paranoia-changing-master-password-and-deleting-old-versions/page__view__findpost__p__61187"]the first one in this thread[/url])? Is there something specific you are having trouble with in [url="https://www.dropbox.com/help/40/en"]the procedure[/url]? I'm not certain that I understand what your trouble is. Could you please describe in as much detail as possible the steps you are taking, and what you are [not] seeing happen? With some additional information from you we can then provide you with specific assistance.
  • sddawson
    sddawson Member
    Hi Khad. Yes, I read through the posts, but I was hoping there was a way to simply delete old versions on Dropbox without having to stop Dropbox syncing entirely. I have 4 devices/Macs syncing 1P with Dropbox. If I have to turn off syncing to accomplish this, would I just do that on one Mac, permanently delete all 1P files from Dropbox, then turn syncing back on. Will the other 3 devices then continue to function normally?



    Thanks for the help.
  • Docproc
    Docproc Junior Member
    [quote name='sddawson' timestamp='1344582682' post='61385']

    Hi Khad. Yes, I read through the posts, but I was hoping there was a way to simply delete old versions on Dropbox without having to stop Dropbox syncing entirely. I have 4 devices/Macs syncing 1P with Dropbox. If I have to turn off syncing to accomplish this, would I just do that on one Mac, permanently delete all 1P files from Dropbox, then turn syncing back on. Will the other 3 devices then continue to function normally?

    [/quote]



    There is a way to delete all old versions in Dropbox, it's just not very intuitive. All of the steps below must be done from the Dropbox web interface. Note that you should switch off "Use Dropbox" in 1Password before doing this!



    1. Log in via the Dropbox web interface



    2. Right click on the file you want to delete, I'll use 1Paa_example.txt but you will probably want to use the 1Password folder. Select Delete.



    3. However as we've discussed, this only deletes the [i]current version[/i] of the file. Old versions are still there.



    4. Click on the little Trashcan icon in the Dropbox "toolbar". It will change its appearance slightly and the file list will change to show current and deleted files.



    [img]https://dl.dropbox.com/u/23033/drop1.png[/img]



    5. Right-click on the file you [i]really[/i] want to delete and select "Permanently delete"



    [img]https://dl.dropbox.com/u/23033/drop2.png[/img]



    6. It'll ask you for confirmation, and then permanently delete the file.



    Of course we have to take Dropbox's word for it that this is what actually happens, but I'm comfortable with that.



    Hope this helps - don't forget to have a backup copy of your 1Password file before doing any of this!



    Glenn.
  • sddawson
    sddawson Member
    Thanks for the detail, Glenn. I was hoping there was a way to delete old file versions without disconnecting 1P from Dropbox, but probably not. Do you just disconnect from one of your devices, delete all the 1P files, then reconnect from that device? You can leave all other devices (as long as they're not going to do an actual sync during the process)?
  • khad
    khad Social Choreographer
    The simplest way to do it is to back up your data file after changing your master password (File > Backup) and then delete it from all computers and devices and remove the deleted copies via the Dropbox interface. Then restore the backup (File > Restore). It will resync to all the devices with no deleted copies available on Dropbox.
  • sddawson
    sddawson Member
    Am I right in thinking that this procedure also forces a re-encryption of everything? What if I was just concerned about getting rid of old Dropbox files after a change of master password? Could I then follow the procedure I mentioned above.... "Disconnect from one of your devices, delete all the 1P files (from Dropbox), then reconnect from that device? You can leave all other devices (as long as they're not going to do an actual sync during the process)?"
  • khad
    khad Social Choreographer
    Changing the master password does not re-encrypt everything. You would need to create a new data file to do that. Note that there is no need to re-encrypt everything if an attacker does not have access to the old encryption keys protected with your weaker master password.



    The simplest method to remove old versions of the encryption keys is to follow the steps I outlined in [url="http://forum.agilebits.com/index.php?/topic/10690-dropbox-paranoia-changing-master-password-and-deleting-old-versions/page__view__findpost__p__61397"]my post above[/url].
  • sddawson
    sddawson Member
    I'm sorry to keep harping on this, Khad, but I'd like to see if my understanding is correct. And maybe having all this in one place will help others too. I see the following options:



    Just changing a 1P master password will mean that at least the number of PBKDF2 iterations used will be updated to whatever is the latest methodology.

    Your procedure, involving a backup/delete on one Mac, a delete on all other Macs/devices, permanent deletion of all 1P files on Dropbox, restore on the original Mac and then a resync on all other devices, will have the added benefit of re-encrypting all 1P entries.

    Docproc's procedure, involving a disconnect from Dropbox on one device, permanent deletion of all 1P files on Dropbox and a reconnect to Dropbox, will result in at least no old copies of encryption keys hanging around on Dropbox that could be used by cracking an old password. If I'm not worried about re-encryption, this seems a lot easier to perform than your suggested procedure. If I did this, would I need to do anything at all to all the other devices, or would they then continue to sync normally?

    I did suggest an alternative to Docproc's approach, which is to just move the 3 key-related files out of the agile keychain on one Mac, permanently delete those 3 files from Dropbox, then copy them back into the keychain so they get re-synced to Dropbox. Not sure whether you deem this appropriate though.

    Again, thanks for your patience in leading me through all this!
  • khad
    khad Social Choreographer
    I must admit, I'm beginning to get a bit confused. :)



    What is the goal you are trying to accomplish?



    Changing the master password only applies to the current version of the data file (and going forward). Backups are still accessible using the master password that was in effect at the time the backup was made.



    If you were using an incredibly weak master password and are concerned about someone getting access to your data, simply delete the backups and create new ones.



    I've outlined above how to remove deleted files from Dropbox, but your suggestion to just do this with just the keys should be sufficient. That's just more complicated for novice users than doing it wholesale as I described. I try to write not just for the moment but for posterity as well. I expect many people with varying skill sets will end up reading this thread via Google searches over time. :D



    The only way to actually re-encrypt is to create a new data file — a brand new one, not just restoring from a backup. You can do this by exporting everything to 1PIF, [url="http://help.agilebits.com/1Password3/create_new_keychain.html"]creating a new data file[/url], and then importing the 1PIF data into the new data file. That said, there is [b]no need to re-encrypt everything[/b] if the current master password is strong and access has been eliminated to the keys files which used the old master password. It is much simpler to just remove access to the old backups.



    Just be careful if you do that since you will be "working without a net" so to speak. ;)
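
Added example (not part of the thread and not AgileBits code): a toy key-wrapping model of the two points khad makes above, that a master password change leaves the items encrypted under the same key, and that only a brand new data file re-encrypts them. The HMAC-based cipher stands in for AES, and every name, password and the iteration count is constructed; this is not the Agile Keychain format.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # constructed value, not 1Password's setting


def _derive(password, salt):
    # PBKDF2 stretches the master password into an encryption key and a MAC key.
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]


def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode), a stand-in for AES.
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]


def seal(enc_key, mac_key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key, mac_key, blob):
    # Returns None when the key is wrong (the tag does not verify).
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))


def wrap_key(data_key, password):
    # The "keys file": the random data key, encrypted under the master password.
    salt = os.urandom(16)
    enc, mac = _derive(password, salt)
    return {"salt": salt, "blob": seal(enc, mac, data_key)}


def unwrap_key(keys_file, password):
    enc, mac = _derive(password, keys_file["salt"])
    return unseal(enc, mac, keys_file["blob"])


def encrypt_item(data_key, text):
    return seal(data_key[:32], data_key[32:], text.encode())


def decrypt_item(data_key, blob):
    pt = unseal(data_key[:32], data_key[32:], blob)
    return None if pt is None else pt.decode()


def run_scenario():
    weak, strong = "letmein", "correct horse battery staple"  # constructed
    data_key = os.urandom(64)
    keys_file = wrap_key(data_key, weak)
    item = encrypt_item(data_key, "example.com login")
    old_revision = dict(keys_file)  # what the sync service's version history keeps

    # Master password change: only the keys file is rewritten, the item is not.
    keys_file = wrap_key(unwrap_key(keys_file, weak), strong)
    recovered = unwrap_key(old_revision, weak)
    results = {
        "weak_rejected_by_current_keys_file": unwrap_key(keys_file, weak) is None,
        "old_revision_yields_current_key": recovered == unwrap_key(keys_file, strong),
        "old_revision_reads_current_item": decrypt_item(recovered, item),
    }

    # Brand new data file: fresh data key, item re-encrypted under it.
    new_key = os.urandom(64)
    new_item = encrypt_item(new_key, decrypt_item(data_key, item))
    results["old_revision_reads_new_item"] = decrypt_item(recovered, new_item)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, "=", value)
```

In this model the old revision of the keys file stays useful to anyone who learns the old password until that revision is gone or the items sit under a new key, which is why the thread focuses on permanently deleting the old key files.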
  • sddawson
    sddawson Member
    Ah, now I understand my own confusion! I didn't realise the distinction between a backup and restore (no re-encryption) vs an export to PIF/import (re-encryption). Makes much more sense now! I'm not particularly concerned about re-encryption once I can get all old files deleted from Dropbox.



    One more question about your procedure now that I understand things better. I run a backup, then delete all 1P data files from everywhere. I then restart 1P on a Mac. This will create a new data file right? But a restore will then completely overwrite it. Is that correct?



    I'm still wondering whether Docproc's procedure is easier (as long as you think it would get the job done). Simply turn off 1P/Dropbox syncing on one Mac, delete all the files from Dropbox using its web interface, then reconnect to Dropbox. Don't need to bother deleting any files from anywhere. I would, of course, have to make sure nothing else was trying to sync at the time. Would this work?



    Thanks again.
  • khad
    khad Social Choreographer
    My advice was and is to follow [url="http://forum.agilebits.com/index.php?/topic/10690-dropbox-paranoia-changing-master-password-and-deleting-old-versions/page__view__findpost__p__61397"]the procedure I outlined above[/url]. If you try something else, let me know how it goes. Don't forget to back up first. :)
  • sddawson
    sddawson Member
    OK, I followed your procedure, doing the following steps:



    Backed up my data file on the desktop.

    Quit 1P and Safari on laptop and desktop.

    Deleted 1P app on iPhone and iPad. Not sure if this was strictly necessary, but wasn't sure how else to delete the 1P data file.

    Deleted 1Password.agilekeychain on my dropbox on desktop.

    This deletion started syncing to Dropbox and to the laptop.

    During this syncing, a message popped up on the laptop saying a 1P backup had failed because the data file wasn't valid. Where did this come from? 1P wasn't running. Helper app?

    Started Safari to get to Dropbox. I noticed that the 1P extension still knew about all my logins. How does this work?

    Following Docproc's procedure, I went to my 1P folder on Dropbox (where I have the keychain). It was empty, as expected. Click show deleted files, and the old 1Password.agilekeychain shows up.

    Tried to permanently delete that and got a message from Dropbox saying there are too many files to delete!

    I then had to go into that folder and delete the enclosed folders one by one, which worked fine.

    Started 1P on the desktop, and ignoring the startup splash screen I restored the backup.

    Keychain started syncing to Dropbox. While it synced to the laptop, got another backup failed message, saying the data file wasn't complete, which, of course, it wasn't, but still not sure what's causing the backup to be attempted.

    Re-installed 1P on iPhone and iPad and set them up again.



    I noticed something which I think is a little wrong while setting up the iPhone again. Just to see what would happen, I didn't ask 1P to remember my iPhone master password when setting up sync. The first sync went through. Now, if I go into Sync prefs again, it says, as expected, that automatic sync is disabled. Pressing Sync Now prompts for my phone's master password. But if I don't do that and instead tap on my dropbox account name, I'm taken to a screen that has my 1P master password for the file on Dropbox (covered by dots). If I tap on that and tap on Go without changing anything, a sync starts without ever having typed in my phone's master password. This would indicate to me that the phone's password has been saved in the keychain without me asking it to be. And the master password for the dropbox data file is always stored. Is this right?
  • khad
    khad Social Choreographer
    [quote]During this syncing, a message popped up on the laptop saying a 1P backup had failed because the data file wasn't valid. Where did this come from? 1P wasn't running. Helper app?[/quote]

    Yes, the backups are created by the background process: 1PasswordAgent in 3.8 and 1Password Helper in 3.9. They serve the same functions including creating backups and controlling keyboard shortcuts.







    [quote]Started Safari to get to Dropbox. I noticed that the 1P extension still knew about all my logins. How does this work?[/quote]

    Because each browser extension is sandboxed it has its own store of the data. Just remove and reinstall the extension(s) as described in our support article here:



    http://support.agilebits.com/kb/browser-extensions/i-just-changed-my-master-password-but-my-browser-extension-doesnt-recognize-it-mac





    Your last question is probably better for the iOS forum. I will be honest and say that it has been a long day, so I am punting a little bit on that. :P However, I do want to review it and make sure everything is working as designed. Could you repost that bit in the iOS forum so I don't forget to test tomorrow?
  • sddawson
    sddawson Member
    Will do!
  • sddawson
    sddawson Member
    Actually, I added to my post on [url="http://forum.agilebits.com/index.php?/topic/10412-storage-of-master-password-on-ios-devices/page__fromsearch__1"]this[/url] thread, which is the same sort of subject.
  • charlie98
    charlie98 Member
    Based on comments in this thread, and more so based on Jeff's latest comment in the thread referred to by sddawson, I have yet again decided not to use dropbox. The authentication vs encryption discussion makes for an interesting academic argument but if authentication can easily be defeated due to third-party problems thus exposing passwords then encryption may well be a waste of time. JMO
  • khad
    khad Social Choreographer
    [quote]…encryption may well be a waste of time.[/quote]

    It is absolutely up to you if you want to enable optional syncing via Dropbox, but I would say that if your data ever falls into the wrong hands the encryption 1Password provides becomes exponentially [b]more[/b] important rather than less.



    1Password performs no authentication (by design). That is why the strength of your master password is so important. A good master password will protect your data for life [url="http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/"]no matter who gets ahold of your data file[/url].
  • sddawson
    sddawson Member
    I think you're missing the point, Khad. charlie98's comments were in relation to the 1P problems with the iPhone platform, I think, whereby your 1P master passwords themselves could fall into the wrong hands (as discussed in the other thread, referenced above). But correct me if I'm wrong, charlie98.
  • charlie98
    charlie98 Member
    @sddawson, you are correct in that I am quite concerned about iPhone. Much of my concern centers around the notion that a master password can be "exposed" but I am unable to decipher whether that means the unencrypted or the encrypted version. I have also read where, by default, 1PW uses "low security" or "master password protection OFF" for iPhones and that if you create a login item on the iPhone you manually have to turn master password protection on.

    As Khad [url="http://forum.agilebits.com/index.php?/topic/10762-security-authentication-vs-decryption-cracking-and-more/page__view__findpost__p__61600"]has stated[/url]

    [quote]Anyone can write a program that decrypts the data if they can get the master password[/quote]

    Jeff [url="http://forum.agilebits.com/index.php?/topic/10412-storage-of-master-password-on-ios-devices/page__view__findpost__p__59805"]has stated[/url]

    [quote]If automatic syncing is enabled, your 1Password master password is stored in the iOS keychain. However, it is stored using the most restrictive data protection class possible. To get at things in the keychain stored with this protection class, the attacker would require (1) the device passcode, (2) a jailbreak of a particular sort, and (3) physical access to the device (the attack could not be run against an iTunes backup)[/quote]



    If someone steals your iPhone with malicious intent then it is possible that all 3 of the conditions that Jeff has stated could be met and that Khad's quote could come true. Coupled with Jeff's comment about a possible bug in this process and it is not clear, at least to me, what the real exposure is.



    Another 1PW vulnerability came to light in the [url="http://blog.agilebits.com/2012/08/19/more-than-just-one-password-lessons-from-an-epic-hack/"]Epic Hack blog post[/url], specifically that without a 1PW backup that cannot be attacked (safety deposit box perhaps?) you could find yourself not knowing any of your passwords and without a 1PW database. It's a great thing that you can use Remote Wipe if your iPhone is stolen, not so great if the thief uses it first and wipes all your known devices.



    IMO encryption will not save you from malicious intent in all situations, it certainly makes things more difficult for an attacker but not impossible. I'm depending upon AgileBits to protect my information and, at least at the moment, it appears that Dropbox in conjunction with less secure devices creates a potential hazard that I am not willing to live with hence goodbye Dropbox and all backup files located there.



    Without the time and interest to read threads on this subject I would have had no clue that an issue even existed. AgileBits needs a best practices FAQ that addresses the recently identified vulnerabilities.
  • sddawson
    sddawson Member
    [quote]I have also read where, by default, 1PW uses "low security" or "master password protection OFF" for iPhones and that if you create a login item on the iPhone you manually have to turn master password protection on.[/quote]



    Yes, that does appear to be true, and I can't see a way of changing that behaviour.



    [quote]If someone steals your iPhone with malicious intent then it is possible that all 3 of the conditions that Jeff has stated could be met and that Khad's quote could come true. Coupled with Jeff's comment about a possible bug in this process and it is not clear, at least to me, what the real exposure is.[/quote]



    Exactly. Not easy to do this by any means, and it's a usability vs security issue.



    [quote]Without the time and interest to read threads on this subject I would have had no clue that an issue even existed. AgileBits needs a best practices FAQ that addresses the recently identified vulnerabilities.[/quote]



    I think this is a [i]very[/i] important point. There's a lot of information on the blogs and in the forums, but the vast majority of users will never see this. I think Agilebits, as you say, should consolidate all the latest intelligence, and notify every single user of 1P of the existence of the information. You can imagine what will happen the first time someone's 1P keychain is hacked because of weak master password(s) and no or weak device passcodes. All hell will break loose on Agilebits!