Could there be a backdoor?
1) 1-Password is in the business to make a profit.
2) 1-Password makes a profit by convincing users their master password is unknowable to anyone but the user.
3) If 1-Password is very successful, the value of the accounts protected by master passwords could well exceed the value of the company, and thus the most profit might come from selling the company to the highest bidder who may want to rewrite the code to secure the master passwords.
Can someone correct my thinking that 1-Password is only as secure as those who control the code want it to be? Even if 1-Password was secretly run by nefarious Romanian identity thieves, they would want to write a very, very good program so to give people the confidence to rely entirely on the security of one password. But any time I enter my 1-password I have no way of knowing whether a bad guy hasn't rewritten the code to copy what I'm typing.
I've wondered...who would I trust to control the 1-password code? The government? No way. My sister? Sure, but my sister can't buy 1-password. My church? Sure, but again, my church can't buy 1-password. How about the Nation of Islam? No. The Pope? Sure. The Mormon Church? Maybe. We'd all have different answers and we'd subscribe to the group we trust.
Anyway, the point of this exercise is to ask whether there is any way to verify that 1-Password is more secure than the person(s) who control the code.
Comments
So you are worried that the Agile Team has nefarious purposes and is secretly harvesting our Master Passwords through some obscure line of code? Even with that knowledge it would be useless without our actual .agilekeychain file. If you think that they are transmitting that too, then you are paranoid. After all, some trust is needed in any relationship for that relationship to work properly. And, even though they "control the code" as you say, that does not mean that, given any keychain file, they can decrypt it within a reasonable amount of time. They would be as ignorant as any other thief, and only subject to the processing power of their computer(s). The file is still encrypted and that does not change even though they know how it is encrypted. If that was the case, then everything would be, as you point out, only relatively safe subject to the creator of the method being used. As another example, AES, if I remember correctly, is the encryption standard of the United States Government and many other groups, yet it was created in the U.S. This is for the same reason I described above.
That is how I see it. From here, I will let someone more knowledgeable like Jeff give you a full-fledged response.
Welcome to the forums, jdouglasj! Thanks for taking the time to contact us. It is great that you are thinking about these things.
While our Agile Keychain Design document doesn't directly address the question of whether or not there is a backdoor in 1Password, it does show that we are as open as possible about our data formats, which are fully available for inspection:
http://help.agile.ws/1Password/agile_keychain_design.html
However, that is only part of an answer. There are, in fact, two parts to the question. One is about a backdoor which someone at AgileBits would maliciously put in the code, the other is about a third party supplying you with a modified version of 1Password. For the latter, we use Apple's codesigning system and also have our updater verify each download against a digital signature. I can give you more detail about those if you wish, but I suspect that you are more interested to know that we are not the bad guys ourselves.
The simple truth is that you can never be absolutely certain that there is no backdoor. There isn't one, but if we were to do something so evil as to put in a backdoor, we certainly would be willing to lie about it. So you can't simply take our word for it. Nonetheless, there are things that I can point to which are strong indicators that there is no backdoor. I know that we at Agile are all good people, but simply stating that does not prove it. Therefore, let me point to reasons that go beyond reliance on our virtue.
It would be incredibly foolish of us from a business perspective to put in a backdoor. The trust that we have from our customers is our livelihood. There are very sophisticated security researchers out there scrutinizing 1Password for security flaws. If they were to discover a backdoor, our reputation and business would come to an end. Consider the effort that has gone into developing 1Password over the years. Our business is about providing a quality product and support. If we were seeking credit card numbers and online banking credentials, we would be conducting our business differently. These are some great reasons to avoid low-cost password managers from fly-by-night companies who don't offer a lot of detail about their formats and methods.
We have never had any government pressure to put in a backdoor. We are a Canadian company, and we have an international staff. If one government were to try to pressure us, we could easily relocate the business to another jurisdiction.
Lots of people within AgileBits have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it. At the same time, only a few people have the ability to sign the code that gets distributed, so all changes do get reviewed.
We can't be as fully open as an open source project, but within the constraints of our business we try to be as open as possible. With our Chrome extension, where more code is written in JavaScript, that source is available for inspection (although parts of it are obfuscated).
For network operations, you can monitor all network traffic coming from 1Password and its components. You will only find three cases where 1Password opens a network connection.
1. For WiFi syncing (if you use it) 1Password 3 for Mac will pick up host information over Bonjour and then open up a connection on the local network to 1Password on an iPhone, iPad, or iPod Touch but only when you have set things up for Wi-Fi syncing.
2. Our updater will check for new updates, fetch them, and verify their signature. You can disable this if you wish (Preferences > Updates > Automatically check for updates).
3. Thumbnail previews are retrieved when you create a new Login. 1Password will attempt to create a preview of that page (with no form filling). This can also be disabled (Preferences > Logins > Login Previews).
All of the encryption and security protocols we use are from well known and well reviewed libraries. This means that it would be harder for us to conceal a backdoor as we just aren't in a position to make subtle changes to the actual encryption algorithms and protocols. Our practice of not "rolling our own" encryption implementation is also an overall security advantage.
I hope that this goes some way to reassuring you. As I said, we know we are honest, and we want you to know that too. Caution and skepticism are healthy habits, though, especially when it comes to security.
Please let me know if you would like any clarification of any of these points or if there is anything else I can help with.
tatchley,
Quoting: "So you are worried that the Agile Team has nefarious purposes and is secretly harvesting our Master Passwords through some obscure line of code? Even with that knowledge it would be useless without our actual .agilekeychain file. If you think that they are transmitting that too, then you are paranoid."
Do you work for Agilebits? Your use of the possessive determiner sounds like you do, but boy, calling an anonymous customer paranoid for asking about the security of a security product doesn't sound like someone that actually works for the company.
Khad,
Thank you for the response. It seems highly unlikely that Agilebits is up to anything nefarious, but then again, no successful thieves ever seem like thieves. Bernie Madoff was one of the most trusted independent wealth managers in the country. Bear Stearns was the most respected name on Wall Street. I had a Mint.com account that I shut down because it was just trusting too much information to one source (Mint.com has customers enter all the passwords for all their bank accounts). I think Mint.com is owned by Intuit, which seems a very unlikely thief, but who knows about the individual employees?
I did appreciate your exhaustive response, but my hope is that you guys are thinking about technical solutions to the question, "How can Agilebits prove to customers that a backdoor is not possible?" You said that in the end you just have to trust the company, but I don't think that's true. For instance, you said that:
Quoting: "Lots of people within AgileBits have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it."
That's a good point but your customers are still dependent upon a completely in-house security cross-check. You guys aren't a public company and someone could buy you out rather quietly. What if a real cross-check somehow relied on a few independent, unrelated entities outside the company? Each of those entities would have to be satisfied, although none of those entities by themselves would have the keys to the temple, so to speak.
I imagine some folks at AgileBits are Simon Singh fans (I think I have that author's name right), who loves writing about codemaking and code-breaking. Unlike a government entity, a corporation has the motivation and option to tie its own hands if it chooses. It seems to me that if you guys are the best protection out there, the questions I've posed are the questions all your potential customers are likely to ask.
Hi jdouglasj,
You are correct that in principle there is no way for us to absolutely prove that there isn't a back door. Note that the same holds true for the vendors of the operating systems you use.
If we only released an update once a year or so, it would be feasible to have trusted third parties review the source code and every step from that source to the actual binaries that get distributed. But because we release more frequently, that just isn't feasible. It is enormously expensive and dramatically slows down the release process. And even if we let you examine the source (under an appropriate NDA) it would be difficult to prove that the source that you see is the same source behind the binary that gets distributed.
The threat of us being bought out by some evil organization is something that you can mitigate. You are never forced to upgrade 1Password (except for when you upgrade to a new OS that older versions of 1Password don't support). Your data is completely under your control. If we were to disappear from the planet tomorrow, you would still have access to your data as it is today.
Let me add to what Khad said about the business aspect of it: the going rate for stolen usernames and passwords to retail sites is 2 US dollars (if you buy in bulk), per http://krebsonsecurity.com/2012/12/exploring-the-market-for-stolen-passwords/. This doesn't rule out us stealing things just out of an evil inclination, but there really is no financial incentive to take the enormous risks of that kind of activity.
I want to reemphasize what Khad said about how many of us have access to the source code. It would take a pretty big conspiracy for us to have a back door, and the likelihood of any secret conspiracy diminishes quickly with the number of people who have to remain silent.
I'm really happy that people are reading books like Simon Singh's "The Code Book". I love this kind of stuff, and I'm glad that other people do too. (You may wish to follow our blog, where we sometimes have articles about cryptography and security.) In addition to wanting more people to understand and see the beauty of things that we really love, I also think that the more informed people are, the more they will appreciate the design of 1Password.
I know there isn't a backdoor. I'm not expecting you to take my word for it. But I'm asking that you make your own security choices based on what we've said and what you know.
Cheers,
-j
I originally came across this thread by accident, but found the question and answers to be interesting and well-considered. In follow-up to khad and jpgoldberg's responses, I was wondering what kind of third party scrutiny (i.e., from Apple) has been applied to 1Password (for iOS or Mac) as part of the App Store vetting process? See, e.g., https://developer.apple.com/appstore/guidelines.html. Would this provide any measure of assurance to someone concerned about the possibility, however unlikely, of backdoors in the code? Thanks!
I don't believe there is much in the App Store review process that would detect certain backdoors. They may catch some backdoors, but it is not a system I would rely on in that regard.
Thankfully, there are many more eyeballs from the security community on 1Password than would ever be feasible in the App Store review process.
Thanks, khad. If the external security community is and has been scrutinizing 1Password, it seems to me that displaying endorsements from several of its most prominent members would be a great marketing strategy and would also assuage the understandable concerns that some have. (By the way, for my own part, I am very satisfied with 1Password's security and your assurances above.)
Hi Phil382,
You're right, some endorsements from the security community would be great. Without digging into details, suffice it to say that it turns out these guys are very busy. Apparently they don't need the business.
Someday I hope to finish a full audit and proudly display some endorsements.
While this subject is still on my radar, I'll add that the apparent absence of user security complaints over the years speaks volumes and is reassuring in its own right. I have yet to read of anyone ever suffering an actual 1Password security breach or blaming it for a drained bank account.
To our knowledge that has never happened. Nothing is impossible, but much is improbable. There's a [perhaps not so] fine line between "hubris" and "being prepared." While we are extremely proud of the security of 1Password, we are never resting on our laurels. It is always important to look ahead (and stay ahead) with security.
You may be interested in some rainy day reading about the new Cloud Keychain design if you find the security of 1Password fascinating:
1Password 4 Cloud Keychain design
And of course, if you ever have any questions, you know where to find us!
Interesting thread, started by an interesting question.
I think of it in the way that has been covered in previous blog articles: good security requires convenience (or I won't use it). I don't need to use 1password; there are other options that could be considered more secure, relatively, e.g. keeping all my passwords written down and in a bank vault, or not having my password manager sync via the cloud. But on the balance of apparent probabilities (based on the highly subjective personal viewpoint from reading up, from researching the product, from the quality history of the product, i.e. no serious security issues) I chose to trust 1password, which in turn makes a lot of my other information more secure as it is convenient and easy to access my data on all my devices. It's a choice.
Sure it would be nice if AgileBits had independent verification or open source code, but we don't have that. What we do have is a very popular product, and I am pretty sure if there was a backdoor or other security issue, it would be all over the internet in a moment.
Sorry for the very subjective arguments!
Although I do not believe that Agile Bits would risk their business by transferring the master password to their servers I still do believe it's a very bad idea to store a keychain-file in any cloud-storage!
Therefore I'm disappointed that the AppStore version (3.9) had removed the local WiFi-sync option and version 4 for Mac is still not available more than a year after 3.9 ...
So for now I'm only using the Mac version and still waiting to bring the iPhone and iPad versions into production (already purchased but waiting for a non-cloud sync option).
Hi SpaceAce,
I understand your concerns, we're working on a local USB sync that'll bypass any need to use the cloud. We removed the Wi-Fi sync because it was too unstable to use for many of our customers, even though it worked properly for some. The USB sync will remove most of the Wi-Fi instabilities since it no longer relies on it.
1Password 4.0 for Mac is in heavy development at the moment but I don't have a timeframe on when it'll be out.
FYI: There are no master passwords stored anywhere, so there's nothing for us to transfer anywhere. Even if your data file is in the cloud, there's nothing people can do to get into the data file unless they can guess your master password. The way we create your data file requires them to spend centuries with computers to guess it.
Thank you!
Hi MikeT,
Just because the master password is not stored anywhere does not mean it could not be phished or stolen by a keylogger or similar trojan.
Even if you have chosen a good encryption mechanism for the keychain file, it's IMHO still bad to let someone lay his hands on the encrypted file to run their tools against it offline with all the time they need. Call me paranoid, but there are file types which I will never store in a cloud service. My keychain file is one of these ;-)
Any chance to be part of the 4.0 beta test for Mac?
Cheers,
SpaceAce
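The two posts above describe the same scenario from opposite sides: a thief who has copied the encrypted file and can run tools against it offline with all the time they need, and a data file built so that guessing the master password takes "centuries with computers". What connects them is the cost of each guess, which the key derivation function controls. The following is an added illustration, not 1Password's code: it assumes a generic PBKDF2-HMAC-SHA256 derivation, a constructed salt, a constructed iteration count of 20,000 and a constructed guess list. None of those are the Agile Keychain's real parameters, which are documented in the design papers linked earlier in the thread.

```python
"""Offline guessing against a password-derived key (added example).

Assumptions, not 1Password's actual design: PBKDF2-HMAC-SHA256, a fixed
constructed salt, 20,000 iterations and a constructed candidate list.
"""
import hashlib
import hmac
import time

# Constructed parameters for this illustration only.
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
ITERATIONS = 20_000
KEY_LEN = 32
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_key(password, salt=SALT, iterations=ITERATIONS):
    """Stretch a master password into a fixed-length key with PBKDF2-HMAC-SHA256.

    The attacker knows this function exactly (the format is public), so the
    only secret is the password. What the iteration count buys is that every
    single guess costs `iterations` HMAC computations.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, KEY_LEN)


def password_matches(candidate, verifier, salt=SALT, iterations=ITERATIONS):
    """Compare a candidate's derived key against the stored verifier in constant time."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), verifier)


def offline_attack(verifier, candidates, salt=SALT, iterations=ITERATIONS):
    """What a thief does with a copied data file: try guesses with no rate limit,
    no lockout and unlimited time. Returns the first password whose derived key
    reproduces the verifier, or None once the candidate list is exhausted."""
    for guess in candidates:
        if password_matches(guess, verifier, salt, iterations):
            return guess
    return None


def seconds_per_guess(iterations=ITERATIONS, samples=3):
    """Measure the cost of one guess on this machine at the given iteration count."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key("timing-sample-%d" % i, SALT, iterations)
    return (time.perf_counter() - start) / samples


def password_space(alphabet_size, length):
    """Number of passwords of a given length over an alphabet of that size."""
    return alphabet_size ** length


def expected_seconds_to_crack(space_size, secs_per_guess, cores=1):
    """Average work to find a uniformly chosen password: half the space is
    searched on average, divided across `cores` parallel guessers."""
    return space_size * secs_per_guess / 2 / cores


if __name__ == "__main__":
    # A weak master password drawn from a small, constructed guess list falls
    # quickly even with stretching: the KDF only multiplies the per-guess cost.
    stored_verifier = derive_key("cat7")
    guesses = [w + str(d) for w in ("dog", "bird", "cat") for d in range(10)]
    print("recovered:", offline_attack(stored_verifier, guesses))

    # The same per-guess cost applied to a large space is what makes a strong
    # master password survive an offline attack on a stolen file.
    cost = seconds_per_guess()
    print("one guess costs about %.4f s at %d iterations" % (cost, ITERATIONS))
    for label, space in (("8 lowercase letters", password_space(26, 8)),
                         ("12 mixed letters and digits", password_space(62, 12))):
        years = expected_seconds_to_crack(space, cost) / SECONDS_PER_YEAR
        print("%s: about %.3g years on one core" % (label, years))
```

Run it as a script to see both halves of the argument on your own machine: the constructed weak password is recovered in a fraction of a second, while the estimate for a long random password runs to astronomically many years at the same per-guess cost. The estimate is for a single CPU core; an attacker with GPUs or many machines divides it by their parallelism, which is why the iteration count and the password length both matter and neither replaces the other.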
Hi SpaceAce,
There are no 1Password 4 for Mac betas right now; we don't have any information we can share at the moment. Once we reach that stage of development, we'll announce the details about the beta project just as we did for the 1Password 4 for iOS betas. You'll be able to sign up then.
As for the trojan: if you did have it, it wouldn't matter whether you ever had the file in the cloud. They can simply scan for the data file, upload it remotely, and work on it offline, just as they would have to break into iCloud/Dropbox if they could figure out your Dropbox/Apple ID account information. Be sure to lock down the firewall to ensure this doesn't happen.
You bet my home is quite some "Fort Knox" (hardware and software firewalls protecting my network and my machines)
While all that you say is true in some way, I still fancy the "least possible risk" approach, avoiding unnecessary opportunities for the bad guys. This includes keeping certain files out of the cloud.