This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Data visibility

agilefan1587
agilefan1587 Junior Member
I have a few questions concerning data visibility. I am wondering about what a bad guy could see even without the master password.



1) It is my understanding that password strength is no longer stored in the clear but is now encrypted. My keychain is a couple years old. Were the strengths automatically encrypted or do older keychains still have strength information stored in plain text? I am running v3.8.20 on my Mac.



2) Is there any information, other than titles and URLs, that is stored in plain text?



3) How do smart folders appear in the keychain and in iOS apps? Are the names of the smart folders, search criteria, or cards that matched the criteria visible? For example, if I create a smart folder titled "sites that use password abc", where abc is the actual password being searched for, will a bad guy be able to see that I use "abc" or what sites the search matched with?



Randy

Comments

  • agilefan1587
    agilefan1587 Junior Member
    4) Same question as 3, but with tags and folders. Are either tag or folder names and membership visible without the master password?
  • khad
    khad Social Choreographer
    edited August 2012
    Good questions, Randy. It is great that you are thinking about these things. From the [url="https://agilebits.com/onepassword/mac/release_notes#v31205"]1Password 3.8.11 release notes[/url]:



    [quote]Improved defence against data harvesters by not including the password strength indicator. This only applies to new and edited items; to update all your old items, the [b]Help > Troubleshooting > Rebuild Data File[/b] menu can be used.[/quote]



    While your sensitive data is always strongly encrypted, metadata about the items is not. The easiest way to visualize this is to simply open the [b]View > Columns[/b] menu. Apart from password strength, the metadata represented there which is used to sort items is not currently encrypted:[list]

    [*]Icon

    [*]Title

    [*]Location

    [*]Type

    [*]Modified Date

    [*]Created Date

    [*]Folder

    [*]Tag

    [/list]

    So tags assigned to an item and the folder an item is located within are both available in the JSON. Smart Folders are each represented by a unique `.1password` item within the data file bundle, but neither the search criteria nor the items which meet the criteria are available in the JSON.



    Though we like to be agile and not normally announce features before they are delivered, this is an aspect of our forthcoming format which we have publicly announced. The new format which encrypts such metadata is in very active development, but I can't give more details at this time.



    I hope that helps. Please let me know if you have any further questions or concerns.
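An added example, not part of the original thread and not AgileBits code: a small audit that lists what one `.1password` item file exposes without the master password, and flags items that still carry the password strength indicator and so would need the rebuild mentioned in the quoted release notes. The JSON field names (`encrypted`, `openContents`, `passwordStrength`, `folderUuid`, and so on) and the sample item are assumptions constructed for illustration.

```python
import json

# Constructed sample of one item file; every field name here is an assumption.
SAMPLE_ITEM = json.dumps({
    "uuid": "0000EXAMPLE0000",
    "title": "Example Bank",
    "location": "https://bank.example/login",
    "typeName": "webforms.WebForm",
    "createdAt": 1300000000,
    "updatedAt": 1340000000,
    "folderUuid": "FFFFEXAMPLEFFFF",
    "openContents": {"tags": ["finance"], "passwordStrength": 42},
    "encrypted": "constructed-ciphertext-placeholder",
})

ENCRYPTED_KEYS = {"encrypted"}  # assumed name of the ciphertext field


def flatten(obj, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested JSON object."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from flatten(value, f"{prefix}{key}.")
    else:
        yield prefix.rstrip("."), obj


def audit_item(raw):
    """Return (plaintext_fields, has_strength) for one item's JSON text."""
    plaintext = {}
    for path, value in flatten(json.loads(raw)):
        if path.split(".")[0] in ENCRYPTED_KEYS:
            continue  # ciphertext: unreadable without the master password
        if value in (None, "", [], {}):
            continue  # empty fields disclose nothing
        plaintext[path] = value
    # An item with a plaintext strength value predates the change and has
    # not been edited or rebuilt since.
    has_strength = any(p.split(".")[-1] == "passwordStrength" for p in plaintext)
    return plaintext, has_strength


if __name__ == "__main__":
    fields, stale = audit_item(SAMPLE_ITEM)
    for path, value in sorted(fields.items()):
        print(f"plaintext  {path} = {value!r}")
    print("needs rebuild (strength in the clear):", stale)
```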
