
Wi-Fi Syncing


Comments

  • [quote name='khad' timestamp='1355738862' post='65692']

    With a strong master password, "only matter of time" is on the order of thousands or millions of years. I am not sure my bank account will still be active then.



    [img]http://tooagile.wpengine.netdna-cdn.com/wp-content/uploads/2012/07/JtR-1P-crack-times-750x305.png[/img]



    (via [url="http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/"]1Password is Ready for John the Ripper[/url])



    If you are not sure about the strength of your master password, please do review our article (which is also linked in the John the Ripper article):



    [url="http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/"]Toward Better Master Passwords[/url]



    In addition to our post on John the Ripper, you may also want to read our post that was written as a follow up to [url="http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/"]the original article that broke the story about Gosney's work[/url]. The follow up was written even before Ars ever published their take on it:



    [url="http://blog.agilebits.com/2012/12/05/hashing-fast-and-slow-gpus-and-1password/"]Hashing fast and slow: GPUs and 1Password[/url]



    If you have any further questions or concerns about the security of your 1Password data, please let me know.

    [/quote]



    No matter how often and with what kind of arguments you want to "sell" us the cloud, you won't sweeten the deal. Cloud is just a no-go for some people, no matter what the reason is (company policy, paranoia etc.). You should just accept this as a fact and not try to convince people with arguments that cloud is a solution for them. It is NOT.
  • jhm
    jhm Junior Member
    edited December 2012
    A random survey for what it's worth:



    [url="http://www.computerweekly.com/news/2240174444/Most-IT-pros-do-not-trust-cloud-services-with-sensitive-data"]http://www.computerw...-sensitive-data[/url]



    [QUOTE]Most IT pros do not trust cloud services with sensitive data

    Thursday 13 December 2012 10:07



    Just over half of IT professionals who focus on cloud computing do not trust cloud services for any of their personal data, a survey has revealed.



    Some 86% of those polled by Lieberman Software said they do not trust the cloud for their organisation’s more sensitive data, and 88% said that they believe that there is a chance that the data their organisation keeps in the cloud could be lost, corrupted or accessed by unauthorised individuals.[/QUOTE]



    I don't work in IT but the above shows that my belief (I don't want some of my most sensitive data in the cloud) isn't so wacky - even more so when I'm being asked to expose myself to the additional risk of the cloud for the sole purpose of syncing data from my laptop in one hand to my mobile phone in the other hand ?!?
  • alexo
    alexo Junior Member
    [quote name='khad' timestamp='1355738862' post='65692']

    With a strong master password, "only matter of time" is on the order of thousands or millions of years.

    [/quote]

    This is true only if you make those two assumptions:

    1. Computers will never get any faster than they are today

    2. The sciences, especially maths and cryptography, will not make any significant progress.



    ad 1.:

    Moore's Law is still in progress. Every 2 years our computers double their computing power. In 20 years, they will be 1000 times faster than today, in 40 years a million times, in 60 years a billion times faster.

    So, if I wanted to crack something that "takes a million years to crack", the simplest way would be to wait 40 years, go to my local supermarket and buy a computer. This computer is able to do the calculation in just 1 year.

    Total time needed to crack the "million years": 41 years.



    (That's a maximum. It will probably be even faster, e.g. if I start calculating today already and get a new computer every 2 years, or if I take 1.5 years instead of 2 for a Moore's period. But let's keep things simple.)



    ad 2.:

    The advances in science are impossible to predict, but we can be sure of one thing: If they happen, they will shorten the time-to-crack even more, maybe drastically.



    Remember DES? "Takes a million years to crack", said the advertisers in the 80s. This is still true - if (and only if!) you are still using a computer from the 80s with a cracking algorithm from the 80s.

    30 years later: Last thing I read is that with current computers and knowledge, it is a matter of minutes to crack DES encryption.





    I understand that something like

    "takes less than 41 years to crack"

    or

    "takes a million years to crack if and only if computer science makes no more progress at all"



    sounds less impressive (and sells less) than

    "takes a million years to crack"



    However, it's simply not the whole truth. Please do not mislead your customers.
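    The "wait, then buy a faster computer" argument in the post above can be made exact; this is an added worked derivation by the editor, not part of alexo's post. Let $T$ be today's time-to-crack in years and assume, as the post does, that computing speed doubles every $d = 2$ years.

    Waiting $w$ years and then attacking with a machine $2^{w/d}$ times faster takes a total of

    $$ t(w) \;=\; w + T\,2^{-w/d}. $$

    Setting $t'(w) = 1 - \frac{\ln 2}{d}\,T\,2^{-w/d} = 0$ gives the best waiting time and the time the attack itself then still needs:

    $$ w^\ast = d \log_2\!\left(\frac{T \ln 2}{d}\right), \qquad T\,2^{-w^\ast/d} = \frac{d}{\ln 2}. $$

    For $T = 10^6$ and $d = 2$: $w^\ast = 2\log_2(346\,574) \approx 36.8$ years, the remaining attack takes $2/\ln 2 \approx 2.9$ years, and the total is about $39.7$ years, slightly below the post's upper bound of $41$. If instead the attacker starts today and continuously upgrades, the work completed by time $t$ is $\int_0^t 2^{s/d}\,ds = \frac{d}{\ln 2}\left(2^{t/d} - 1\right)$; setting this equal to $T$ gives

    $$ t = d \log_2\!\left(1 + \frac{T \ln 2}{d}\right) \approx 36.8 \text{ years}. $$

    Under this model the time-to-crack grows only logarithmically in $T$: doubling today's crack time (one more bit of effective strength) buys about $d = 2$ more years, which is why "a million years" and "a billion years" are much closer in wall-clock terms than they sound.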
  • [quote name='alexo' timestamp='1355756671' post='65711']

    Total time needed to crack the "million years": 41 years.

    [/quote]



    Excellent and valid point. I strongly advise not storing any secrets in the cloud via 1Password that are still valuable 41 years from now. Just to be safe: make that 10 years.
  • tseager
    tseager Junior Member
    [quote name='khad' timestamp='1355738862' post='65692']

    With a strong master password, "only matter of time" is on the order of thousands or millions of years. I am not sure my bank account will still be active then.



    (via [url="http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/"]1Password is Ready for John the Ripper[/url])



    If you are not sure about the strength of your master password, please do review our article (which is also linked in the John the Ripper article):



    [url="http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/"]Toward Better Master Passwords[/url]



    In addition to our post on John the Ripper, you may also want to read our post that was written as a follow up to [url="http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/"]the original article that broke the story about Gosney's work[/url]. The follow up was written even before Ars ever published their take on it:



    [url="http://blog.agilebits.com/2012/12/05/hashing-fast-and-slow-gpus-and-1password/"]Hashing fast and slow: GPUs and 1Password[/url]



    If you have any further questions or concerns about the security of your 1Password data, please let me know.

    [/quote]



    This above post is a feast of Red Herring.



    Agile is simply trying to convince us that they know best. But Agile has an agenda, they want to reduce support calls. I can understand their economics, but using deception to convince customers is disappointing at best.



    As an information security professional, I can say that brute force attacks are only one way to attempt to unlock a password vault. But here are some other considerations:

    -Why don't we all use simple ciphers as was done in Roman times? Because they can be cracked. Why are MD5, SHA1, DES, 3DES deprecated? These encryption algorithms have weaknesses that allow attackers to bypass brute force attempts and significantly reduce the amount of time it takes to reveal encrypted or hashed text.



    -Once your passwords are copied to the cloud, they have the potential of being analyzed for whatever time it takes to decrypt them. If it takes an attacker a year to decrypt, then you had better refresh all your passwords every year. Some confidential data is never obsolete, so this won't help you.



    -Most of all, the above tables do NOT take into account weaknesses in the implementation of encryption. A casual consumer can only take Agile's word for it. However, poor implementation of encryption is responsible for most failures of encrypted systems.



    -Most IT security analysts have concluded that customer data held by corporations is accessible, and is accessed by governments. Google, Canada's own Blackberry have all capitulated to government access to encrypted customer data. US DoD, NASA, Google, Symantec, RSA, and other notable corporations have not been able to protect classified information, source code, tokens, or trade secrets. The CIA has gone on record saying that nearly all US government secrets are in the hands of the Chinese. Do you regard DropBox as "secure" as these organizations? Why do companies control physical access to their data, even though it is encrypted?



    -Only two things protect your data from those who want your passwords. 1) Physical access, 2) Agile's implementation of encryption.

    DropBox is not secure. DropBox has lied to users about access to your data. Agile tells us to trust DropBox. I can't. Agile has been and continues throwing out half-truths trying to convince their customer base that reducing their costs is just as secure as managing the distribution of your data. It isn't.



    -Although I can't find evidence of this, Agile COULD argue that the risks of putting your information in the cloud are low enough to warrant the use of DropBox. For some purposes, such as children's accounts, that could be. But corporations that classify data for requisite protections always classify passwords at their highest level.



    If you feel "safe" with DropBox, then by all means, put your data in the cloud. But I can assure you, it IS NOT.
  • RichieB
    edited December 2012
    [quote name='tseager' timestamp='1355758252' post='65715']

    However, poor implementation of encryption is responsible for most failures of encrypted systems.

    [/quote]



    Agreed. That is why 1Password is using AES-128, an algorithm universally believed to be very strong for decades to come (see [url="http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf"]NIST sp800-57[/url]). I'm quite sure Agile Bits did not implement the AES algorithm themselves. Perhaps they are even using the built-in AES functions of iOS, OS X and Windows. If so, it comes down to the Apple and Microsoft implementations of the algorithm, but more importantly the key derivation function PBKDF2.



    [quote]

    Why do companies control physical access to their data, even though it is encrypted?

    [/quote]



    Actually, a lot of companies are deciding to use cloud storage right now. One of the measures they are taking to protect their assets while doing so is (you guessed it): encryption! Most of the time that would be AES as well.



    [quote]

    Agile has been and continues throwing out half-truths trying to convince their customer base that reducing their costs is just as secure as managing the distribution of your data. It isn't.

    [/quote]



    Be fair now. Nowhere have I seen Agile Bits declaring cloud storage is as secure as local storage. They are just defending that it can be secure enough. I tend to agree.



    [quote]

    But corporations that classify data for requisite protections, always classify passwords at their highest level.

    [/quote]



    Exactly, and that is why they use encryption. With the proper encryption (SSL/TLS for example) you are allowed to send your passwords over the internet. With the proper encryption (BitLocker perhaps) you are even allowed to store your company secrets on a hard drive and take it home with you. But for some reason you do not trust your passwords to be stored encrypted in the cloud. That is your call of course, but it sounds to me like you are stuck in risk avoidance where risk management is called for. Again, your call, but a very old fashioned one. And that is my opinion as a fellow IT security professional.
  • Just my two cents: I love 1Password for Mac and iOS and enjoy the security I feel when syncing via wifi. For me, the issue is one of perceived security. I feel more comfortable today syncing my 1Password database between my iOS devices and my Mac using wifi sync.



    AgileBits: I know you have made your stance known that you will [url="http://learn.agilebits.com/1Password4/iOS/ios-faqs.html#why-is-wi-fi-syncing-not-available"]not support wifi syncing[/url] for 1Password 4 for iOS. This is my plea for you to reconsider. In the meantime, I'm voting with my wallet and have received my refund for 1Password 4 for iOS and will continue using version 3 until you either stop supporting it or I discover a better password management option.
    From a strictly business viewpoint, one has to wonder if Agilebits' decision to strip out wifi synch to reduce tech support costs and not seriously entertain a user friendly local synch alternative is in the end worth the cost in lost good will and the potential loss of future sales.



    The argument that they want to reduce the PITA experience for their users falls on deaf ears when you look at the PITA factor involved with iTunes file local synch.



    One can question whether the rather vocal outpourings on this very active thread mirror the customer base or whether we are just a paranoid minority. I can't answer that, but if Agilebits was truly interested in customer relations perhaps they could set up an electronic poll on this forum to determine if local synch was considered an unnecessary, nice to have, or critical feature by their user base.



    As I mentioned in a prior post, what Agilebits is really selling is "peace of mind". And that is based to a large degree on a company's trust and credibility. If the customer base perceives that local synch related security features are being sacrificed to reduce support expense, this can lead to a slippery slope of further lost trust because some people will perhaps begin to wonder what other hidden security related compromises in other areas (e.g. algorithms/sw) are being taken in the name of maximizing short term profit.



    I understand a number of businesses and governments are beginning to issue or allow the use of personal Apple products for their workforce. However, how many of them are going to allow the use of company sensitive passwords to be stored on a Dropbox or Apple servers? - which are the only alternatives Agilebits has to offer. Seems like a big potential market opportunity lost.



    Is 1Password considered a professional grade security app? Can Agilebits provide us with a list of any government agencies or businesses that 1Password has been certified for, and whether they have been recertified based upon the dropping of the local wifi synch feature?
  • [quote name='Neocybersailor' timestamp='1355769890' post='65736']

    I understand a number of businesses and governments are beginning to issue or allow the use of personal Apple products for their workforce. However, how many of them are going to allow the use of company sensitive passwords to be stored on a Dropbox or Apple servers?

    [/quote]



    If you put it like that: not many. If you include the AES-128 encryption, PBKDF2 and a strong password: quite a few.
  • Carl
    Carl Just Me
    [quote name='alexo' timestamp='1355756671' post='65711']

    This is true only if you make those two assumptions:

    1. Computers will never get any faster than they are today

    2. The sciences, especially maths and cryptography, will not make any significant progress.



    [/quote]



    The same thing applies to encryption algorithms.



    As computers get faster (and thus can crack faster) the same faster computers can now perform encryption faster which allows for better encryption.



    41 years from now, the faster computers won't be up against the older algorithms.



    What would be required for what you describe to happen is that all the cracking methods get updated and none of the encryption methods get updated which is not going to happen.
  • jhollington
    jhollington Junior Member
    edited December 2012
    This also assumes that you never change any of your passwords. Personally, using 1Password makes it [i]easier[/i] to rotate your passwords regularly, because you don't actually have to [i]remember[/i] them.



    I rotate all of my critical, high-security passwords every 30 days whether I need to or not. Forget 41 years, or even two years -- if somebody were to get their hands on my older data files and figure out how to crack them even in a month, they wouldn't get much useful information.



    Further, if I knew that there was [i]any[/i] possibility my data files had been compromised, I would take action immediately -- that's the main reason why I keep a specific folder with my high-security accounts in 1Password -- so I know which ones to change immediately. Last year when Dropbox had its big "fail open" I went through that list and changed every password, despite the fact that my account wasn't specifically affected by that issue, and despite the fact that the probability of 1Password's encryption being compromised is extremely low. If you know there's been a chance that your data file is out there, an ounce of prevention is always a good idea.
  • tseager
    tseager Junior Member
    [quote name='jhollington' timestamp='1355776193' post='65750']

    This also assumes that you never change any of your passwords. Personally, using 1Password makes it [i]easier[/i] to rotate your passwords regularly, because you don't actually have to [i]remember[/i] them.



    I rotate all of my critical, high-security passwords every 30 days whether I need to or not. Forget 41 years, or even two years -- if somebody were to get their hands on my older data files and figure out how to crack them even in a month, they wouldn't get much useful information.



    Further, if I knew that there was [i]any[/i] possibility my data files had been compromised, I would take action immediately -- that's the main reason why I keep a specific folder with my high-security accounts in 1Password -- so I know which ones to change immediately. Last year when Dropbox had its big "fail open" I went through that list and changed every password, despite the fact that my account wasn't specifically affected by that issue, and despite the fact that the probability of 1Password's encryption being compromised is extremely low. If you know there's been a chance that your data file is out there, an ounce of prevention is always a good idea.

    [/quote]



    Good points, and agreed. If all users follow the practice of rotating passwords, then passwords would only provide value to those with current access and those with the ability to quickly decrypt. 1Password does provide the ability to more quickly change passwords, including the folders you mention, password generation, and password saves. 30 days on high risk accounts is a good practice. But you can't rotate the data that is traditionally part of your wallet (identification, credit cards), or other personal information. Also, changing details for account challenge questions/responses is not easy or feasible to do.



    Your action after the Dropbox breach may not have been necessary, but yet another good precaution.
  • bring wifi-sync back
    edited December 2012
    I got my refund too. Let me end this discussion:

    I want to control which of my private data leaves my hard drive. Passwords are not the kind of data that leaves my hard drive. It doesn't matter how many bits encrypt them. In a cloud I don't have any control of this data.

    I really don't know which part of my sentence any missionary doesn't accept or understand.



    [quote]If all users follow the practice of rotating passwords[/quote]

    [b]How do I rotate my credit card????? My brain will rotate asap when I read more like this ...[/b]



    And I can't change my credit card, the PIN of my bank card, depository account, contract numbers etc. every 30 days, so please stay away from hints that don't help. I don't use 1Password for cheap forum passwords only.



    Without Wi-Fi sync I would never have noticed 1Password. Now Agile Bits has left me alone with a crappy iTunes copy. I'm very disappointed.
  • roustem
    roustem AgileBits Founder
    [quote name='BrianMojo' timestamp='1355695575' post='65638']

    Here's what it comes down to: I don't think anyone really cares if it's Wi-Fi sync that ultimately returns. There just needs to be a [b]local sync option[/b] that avoids the cloud and [b]actually syncs[/b] between the two devices.

    [/quote]



    I am trying to find a solution that could make it easier to perform local sync. So far nothing has emerged. We will have to get closer to finishing 1Password 4 for Mac to see what is possible.
  • bring wifi-sync back
    edited December 2012
    replied instead of edited
  • jhollington
    jhollington Junior Member
    [quote name='tseager' timestamp='1355779167' post='65768']But you can't rotate the data that is traditionally part of your wallet (identification, credit cards), or other personal information. Also, changing details for account challenge questions/responses is not easy or feasible to do.[/quote]

    For credit card numbers, I'm generally comfortable enough between my daily review of my online statements and my bank's excessively overzealous security department that those wouldn't likely be a big problem (considering the number of times I've had my credit card blocked for transactions that [i]I've[/i] made :) ). I also don't keep ALL my credit cards in 1Password -- only the couple of low-limit and prepaid ones that I use specifically for online purchases, since those are the only ones I need to have in there. I don't store PINs or other personal information (drivers' licenses, passports) in 1Password anyway as I've simply never seen the need to. It's nice that 1Password supports that information, but I can't see any value to putting it in there.



    I also rotate my banking PINs every 30 days as well, for reasons that have nothing to do with 1Password. They're actually [i]much [/i]more easily compromised since you're out there using them in the real world, and card skimmers and PIN cameras are rampant these days. Even then, the one time that happened to me (via my wife's card, who sadly doesn't practice quite the same security measures as I do :( ), it was little more than a minor inconvenience -- the bank credited the stolen money back three days later.
  • [quote]I also rotate my banking PINs every 30 days as well, for reasons that have nothing to do with 1Password.[/quote]

    Maybe this works in your country but not in my country. It's a complicated process. And I'm really not interested in what you do and what kind of data you save on other hard drives. Have fun, but please stop the missionary work.
  • jhollington
    jhollington Junior Member
    edited December 2012
    Why do you assume I was talking to you? I'm simply participating in an open discussion here.



    I completely understand that you don't like cloud-based syncing, and I'm not trying to convince you or anybody else to do so. Believe it or not, while I don't agree with your opinions on this matter, I actually [i]do[/i] respect them. Please don't assume I'm attacking you, especially when my posts aren't in any way directed at your particular comments.
  • Carl
    Carl Just Me
    Your credit card information is more likely to be compromised at a restaurant over any other place.



    See: [url="http://money.usnews.com/money/blogs/my-money/2011/09/19/6-ways-id-thieves-steal-your-credit-card-number"]http://money.usnews.com/money/blogs/my-money/2011/09/19/6-ways-id-thieves-steal-your-credit-card-number[/url]



    Merchant and card processors are also heavy targets of those trying to obtain credit card information:



    See: [url="http://articles.chicagotribune.com/2012-04-02/business/chi-visa-drops-payment-processing-firm-involved-in-breach-20120402_1_cvv-code-global-payments-card-data"]http://articles.chicagotribune.com/2012-04-02/business/chi-visa-drops-payment-processing-firm-involved-in-breach-20120402_1_cvv-code-global-payments-card-data[/url]



    Just an FYI



    With $0 - $50 max liability to the consumer though it is still a very safe means of paying for goods and services.
  • TonyK
    TonyK Junior Member
    edited December 2012
    My use of 1Password version 4 has ceased. My iOS devices are back to 1Password version 3 per developer and support comments here.



    In following with others I have requested a refund from Apple.



    [quote name='roustem' timestamp='1355608987' post='65499']...



    We updated the FAQs and the App Store description to mention that Wi-Fi sync is not available in 1Password 4. If the lack of Wi-Fi sync is stopping you from using 1Password, please ask for a refund. Version 3 is still working and it is available in the Purchased section of the App Store.

    [/quote]
  • [quote name='roustem' timestamp='1355779377' post='65770']

    I am trying to find a solution that could make it easier to perform local sync. So far nothing has emerged. We will have to get closer to finishing 1Password 4 for Mac to see what is possible.

    [/quote]



    That you haven't given up is reassuring, even if it doesn't make 4 useful for me at the moment. I would also offer that it doesn't need to be a wireless solution. Given that those who are most vocal against cloud sync are also the most vocal about security, I think that might in fact be seen as a bonus for some.



    Good luck in your search for a solution, in the meantime I'll be using version 3. Thanks!
  • roustem
    roustem AgileBits Founder
    [quote name='BrianMojo' timestamp='1355792046' post='65821']



    That you haven't given up is reassuring, even if it doesn't make 4 useful for me at the moment. I would also offer that it doesn't need to be a wireless solution. Given that those who are most vocal against cloud sync are also the most vocal about security, I think that might in fact be seen as a bonus for some.



    Good luck in your search for a solution, in the meantime I'll be using version 3. Thanks!

    [/quote]



    Thanks!



    I certainly do not want to go with the crazy code we had in 1Password 3 where the Mac app constantly monitors the Wi-Fi network in search of the iOS device. Maybe something much simpler where you manually select the "Sync" option from the menu.



    I would love it to not rely on the Wi-Fi network at all. However, I do not see any other option to access the data on iOS from Mac at the moment.
  • Roustem, I second BrianMojo's comments and wish you luck. I just hope it really becomes a serious schedule priority on Agilebits part, and does not just fall in the "never say never" category as expressed previously in one of your other founders' messages.



    The present iTunes ratings for the current version of your program are not very promising. Out of 72 ratings you received 28 five star ratings. The bad news is that you also received 21 one star ratings, the rest in between 5 and 1 star. A significant proportion of the low ratings addressed lack of local synch. Am sure these ratings will fluctuate in the future, but it is in all our interests that you continue to prosper and reinvest in truly improving the program's security and UI features through more rapid version introductions.
  • Thomasj106
    Thomasj106 Junior Member
    edited December 2012
    From the documentation that I have read and from the responses to my emails to your team, it appears that syncing v 4 from my iPhone and iPad back to my Macs can no longer happen. I can move the data file from the iOS device to the Mac or vice-versa via iTunes, but syncing directly with the handheld device to the Mac has been removed. I have the option (albeit a very poor one) of using DropBox to provide the syncing conduit. I don't know about anyone else but given DropBox's track record of security breaches, I know that I do not want all of my passwords, bank info, and credit card info stored on some third party server somewhere that only God and a few hackers know where.



    If I am understanding this incorrectly, I would like to know how I can sync from Mac to iOS with v 4. If this can't be done, I would really like a refund. I'll stick with 1Password 3 and 1Password Pro until you no longer support it.
  • A hub and spoke architecture for synchronizing, such as using a cloud, makes sense when there are many separated devices. But, as already mentioned, it makes little sense when two or three devices are sitting side-by-side. Then, point-to-point (cut out the middleman cloud) makes better sense.



    I sympathise if WiFi has large support costs. But, having synchronization methods suitable for different customers and circumstances is basic. Many don't want to use a cloud. Some can't use a cloud. It absolutely shouldn't be the only viable method.



    As for those arguing that it'd take a zillion to the billionth power years to crack the encryption, they're unable to see the forest for the trees. They're like the builders of the Titanic assuring everyone that it's unsinkable. And, the less than adequate number of lifeboats aren't really needed. Who would have imagined striking an iceberg?



    We don't know what we don't know. A cloud is a point of failure and a dependency. Why add that vulnerability if it's not needed? Because, point-to-point is hard to implement and support?



    A fraction of users won't use strong master passwords. Common sense suggests that guessing passwords in many cases won't take a billion plus years. I've been testing different password software. While doing so, I've used simple passwords. And, I've used some real logins. If I'd been using a cloud, it'd be very human to forget and leave a test password folder. One has to be vigilant using a cloud. But, we humans do dumb things.
  • I had to register this account to discuss my displeasure with losing my beloved wi-fi sync. I am of the same opinion as many others here that syncing passwords over the internet is not appropriate for the sensitivity of the data encapsulated and have two further opinions to contribute to this thread:



    1. Regardless of encryption, because of the multiple jurisdictions files can pass through when going over the internet, it is possible for 3rd parties to [url="http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/"]legally force service providers to install spyware on end users' devices[/url] exposing their data. Consider Hushmail, another Canadian security company not unlike yourself, that was forced to install spyware on end users' devices in order to access their data. Syncing data over wi-fi removes the risk of [b]data governance, legal and jurisdictional problems [/b]with 3rd parties hosting their users' sensitive data.



    2. In the current build of iOS 1Password, [b][url="http://forum.agilebits.com/index.php?/topic/9822-1password-doesnt-encrypt-all-data/page__p__56550#entry56550"][color=#0000ff]much of your personal information is stored (and possibly transmitted) in unencrypted free-text[/color][/url][/b]. This means that the websites you visit are wide open for 3rd parties to access by court order as per the Privacy Terms and Conditions of those companies. [b]For those of you who have not yet read this linked thread, it is worth your time to learn what information of yours is and is not protected in 1Password[/b].



    Please reconsider your decision to remove wi-fi - I would hate to 3-star an otherwise mostly-decent product.
  • You raise an excellent point. If titles or url's aren't encrypted, then browser histories are being put on a cloud. This is exactly what I meant about not knowing what we don't know. I want a password management system to make things simpler, not create uncertainties and more headaches.



    And another possible flag... it was mentioned that the rich icons are being fetched from an image server. So, the app is sending our IPs along with a request for an icon for each login URL to 1Password?
  • jpgoldberg
    jpgoldberg Agile Customer Care
    edited December 2012
    Thanks, all, for your comments. I have yet to read all of them, but I hope that I address (or re-address) the major concerns.



    I won't be saying anything that hasn't been said before in this discussion, but I hope to re-emphasize a few points.



    Those who strenuously object to syncing Agile Keychain data in the cloud are making two assumptions that I don't think are fully justified.[list]
    [*]Assumption 1: It is far, far easier for your 1Password data to be captured in "the cloud" than it would be without using cloud syncing.
    [*]Assumption 2: It is a very, very bad thing if your Agile Keychain format data is captured.
    [/list]

    With regard to Assumption 1, personal computers get stolen all the time, with the data on their disks available to attackers. Personal computers get compromised, with attackers gaining access to the local drives. So there is little reason to presume that your Agile Keychain data is substantially safer on your desktop than it is in the cloud.



    With regard to Assumption 2, it is well documented that [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]some information within the Agile Keychain format is not encrypted[/url], most notably the URL and Title, and this is part of the reason that we are making a transition to our new Cloud Keychain format. But if you have a decent Master Password, the encrypted data is very well defended. The Agile Keychain format was designed with the knowledge that some people would have their computers stolen.



    I get the sense that standards of concern are being applied disproportionately. Yes, data stored in the cloud is part of an attack surface, but it doesn't lead to good security decisions to focus on one part of the surface while ignoring others. If you can imagine an attack effort of X going after one spot, you should assume that an attacker would also be willing to use effort X against another spot.



    It is perfectly fine to say things like "well, you can't be absolutely certain the cryptography can't be broken". And that is definitely true. But we have to weigh risks against the plausible alternatives. When weighing those risks it is important to apply a uniform degree of skepticism everywhere. If you suspect that a government agency might try to get your data off of a cloud service, then you should also consider that the same government agency may try to attack your personal computer directly. Possibly even installing a camera in your home to monitor keystrokes.



    I'm not saying that those are likely threats; I am just pointing out that if you feel that there is a real risk of a government agency coming after your data, you shouldn't assume that they would limit themselves to Dropbox. If you weigh the risks without using a double standard, I think that you will find that trying to avoid cloud syncing isn't going to be the place to focus attention.



    However, I can't make that judgement for you. If you remain unwilling to use "the cloud" for syncing Agile Keychain data, then you should probably continue to use wifi syncing with 1Password 3 until we have brought the Cloud Keychain Format to 1Password on the Mac as well.



    If, however, you will be unwilling to use the Cloud Keychain format on the cloud, then you can keep using 1Password 3 for as long as your computers and devices run operating systems that they will work on. However, if you really are unwilling to trust the Cloud Keychain format on the cloud, you should also not trust it on your own devices. Use Full Disk Encryption (with a very, very strong OS X login password) on your Mac. Use a firmware password to disable FireWire DMA. Never run as an admin user. Verify every download carefully. Disable Flash and Java in your web browsers. Configure and monitor a serious firewall system on your perimeter router. And more.



    That is all part of applying the same standards of risk that you use for the cloud to your other systems as well. Refusing to allow your encrypted 1Password data to live on the cloud while at the same time not taking all of those other measures for your local system would be terribly inconsistent. As I said, disproportionate focus on one potential point of attack leads to poor security decisions.



    Again, I don't really see that much new is going to be added to this discussion. You have to make your own security decisions. I've offered my advice and I wish you well with whatever you decide.



    Cheers,



    -j
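The local hardening measures listed in the post above (Full Disk Encryption, a firmware password, no admin login, an active firewall) can be audited rather than taken on faith. The script below is an added example, not code from the thread or from AgileBits; it assumes the output strings of the Apple tools `fdesetup`, `firmwarepasswd`, `dseditgroup` and `socketfilterfw` as they read on OS X of that era, and each parsing function can be exercised on any POSIX shell with captured output.

```shell
#!/bin/sh
# Added example: audit the macOS hardening checklist from the post above.
# Each check_* function parses the output of one Apple tool (output
# formats assumed, see comments); run_audit() invokes the real tools
# only when they are present, so the parsers can be tested anywhere.

# `fdesetup status` prints "FileVault is On." when Full Disk Encryption is active.
check_filevault() {
  case "$1" in *"FileVault is On"*) echo ok ;; *) echo FAIL ;; esac
}

# `sudo firmwarepasswd -check` prints "Password Enabled: Yes" when a
# firmware password is set (which also blocks FireWire/DMA boot attacks).
check_firmware_pw() {
  case "$1" in *"Password Enabled: Yes"*) echo ok ;; *) echo FAIL ;; esac
}

# `dseditgroup -o checkmember -m USER admin` starts with "yes" when the
# account is an administrator; the post recommends a non-admin daily user.
check_not_admin() {
  case "$1" in yes*) echo FAIL ;; *) echo ok ;; esac
}

# `socketfilterfw --getglobalstate` reports "(State = 1)" or "(State = 2)"
# when the application firewall is enabled, "(State = 0)" when it is off.
check_firewall() {
  case "$1" in *"State = 1"*|*"State = 2"*) echo ok ;; *) echo FAIL ;; esac
}

run_audit() {
  if ! command -v fdesetup >/dev/null 2>&1; then
    echo "fdesetup not found: not running on macOS, nothing to audit"
    return 0
  fi
  fw_tool=/usr/libexec/ApplicationFirewall/socketfilterfw
  printf 'FileVault:          %s\n' "$(check_filevault "$(fdesetup status 2>/dev/null)")"
  printf 'Firmware password:  %s\n' "$(check_firmware_pw "$(sudo firmwarepasswd -check 2>/dev/null)")"
  printf 'Non-admin user:     %s\n' "$(check_not_admin "$(dseditgroup -o checkmember -m "$USER" admin 2>/dev/null)")"
  printf 'Application FW:     %s\n' "$(check_firewall "$("$fw_tool" --getglobalstate 2>/dev/null)")"
}

# Run the audit when executed directly (no-op on non-macOS systems).
run_audit
```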
  • usern4me
    usern4me Junior Member
    jpgoldberg, thanks for your detailed response. I still have the following questions.



    Does 1Password 4 for iOS use the new cloud keychain format when syncing with 1Password 3.8/3.9 via Dropbox?

    Which data is encrypted in the new keychain format? Is there a document describing it, like for the old Agile Keychain?
  • I want Wi-Fi Sync back, too. I have to say 2 things.



    1. 1password doesn't need to be synced instantly.

    2. Can Agile take care of users if 1Password files on the cloud are leaked? This is an unnecessary risk for Agile and users. If Agile says "use the cloud at your own risk", they should provide an alternative way = Wi-Fi sync. People fail, clouds fail. There is no absolute security.



    If the encryption of a 1Password file is strong enough, why doesn't any Agile person put their own file in public?