This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

1Password vs Keepass: Point-by-Point Comparison

Hey Agilebits, I just recommended 1Password to some friends and I know that at least one purchased your Win+Mac bundle. They are security conscious people and have always recommended Keepass (Win) and KeepassX (Mac). I'd just like to see how 1P compares to Keepass on the following factors, both to know for myself and to address questions if they come up. I've read much of your blog where you emphasize how strong your encryption is and how you've implemented features that slow down password crackers' attempts. I'm not sure if you've talked about the other features below though.

Taken from http://keepass.info/features.html & http://keepass.info/help/base/security.html, how does 1P compare?

1) SHA-256 is used as password hash. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.

2) Protection against dictionary and guessing attacks: by transforming the final master key very often, dictionary and guessing attacks can be made harder.

3) In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this wouldn't reveal your passwords anyway. This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.

4) Security-Enhanced Password Edit Controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.

Thanks!

Comments

  • MikeT
    MikeT Agile Samurai
    edited February 2013

    Hi @BiomedEngineer,

    Those are great questions, I've asked Jeff, our Chief Defender Against the Dark Arts, to come in and answer your questions as soon as he can. He's the author of many of the awesome security blog articles and I know he'll like to answer your questions for a future blog article.

    Thanks for waiting.

  • jpgoldberg
    jpgoldberg Agile Customer Care

    Hello again @BiomedEngineer,

    We really really try not to get drawn into saying anything about our competitors, so I'll try to keep my comments specifically about 1Password except to note that different systems have different sorts of designs that make some features and questions moot, making some point-by-point comparisons tricky.

    For example, because 1Password has browser integration, it means that copy and pasting of passwords is not something people routinely do when using 1Password. As such, it means that we don't have the same worries about the insecurity of the copy/paste mechanism. On the other hand, a product that doesn't have browser integration has to jump through enormous hoops to try to protect that sort of information.

    OK, but now down to business.

    1. What hash algorithm.

    SHA-256 is used as password hash. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256

    The short answer is that in the Agile Keychain format we use SHA1, and in its successor, the Cloud Keychain format, we use SHA2 (both 256 and 512) in various places.

    The particular limitations of SHA1 are such that they don't affect how it is used in 1Password, but the general rule is that once problems are found in an algorithm, we should anticipate that those problems will grow. So while nobody designing a system today should use SHA1, there is nothing wrong with older systems unless they are depending on very specific things about SHA1.

    There is a great lesson on this in the history of MD5 (SHA1's predecessor). I've included some of that in an article, Flames and Collisions which steps through the real damage that can be done when the wrong hashing system is used.

    Defense against Master Password cracking

    Protection against dictionary and guessing attacks

    I don't know if we were the first to bring something like PBKDF2 to a password management system, but this is something that we introduced back with the Agile Keychain Format and have continued to develop. You might want to read about how well 1Password Master Passwords hold up against tools like John the Ripper.

    Keeping things encrypted in memory.

    In-Memory Passwords Protection: Your passwords are encrypted while [the application] is running

    This has always been and remains a core design principle of 1Password. The contents of an item are only decrypted when you are specifically using it (editing, viewing, or filling a webpage with it). Once it's out of your sight, it's out of 1Password's mind.

    This is a feature that is often overlooked by people who try to "roll their own" systems, but it certainly isn't something that we've overlooked.

    Secure Edit Controls

    Security-Enhanced Password Edit Controls

    This is specific to Windows only, as the Secure Input modes on OS X automatically take care of this for us on Mac and iOS.

    We've recently made improvements to this on Windows, but there is more work to do here to make this more secure. Again, because 1Password integrates with the browser instead of relying on frequent copy/paste, this isn't as large of an issue for 1Password as it might be for others. Nonetheless, that isn't an excuse not to look at how to further beef up these sorts of protections in 1Password for Windows.

    Anyway, this has told me that I really need to do a better job of making sure that it is easier to find these kinds of things in our documentation!

    Cheers,

    -j

    --
    Jeffrey Goldberg
    Chief Defender Against the Dark Arts @ AgileBits
    http://agilebits.com
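
    The difference between points 1 and 2 above (a plain SHA-256 of the password versus a key that is "transformed very often") is the whole point of PBKDF2. The following is an added illustration, not code from AgileBits or from KeePass: it derives a key with PBKDF2-HMAC-SHA256 from Python's standard library, shows that the iteration count is what multiplies the cost of every guess, and checks a candidate Master Password against a stored verifier in constant time. The salt size, key size and iteration counts are assumptions chosen for the demonstration, not any product's actual parameters.

```python
import hashlib
import hmac
import os
import time

# Assumed parameters for the demonstration; real products tune these per platform.
SALT_BYTES = 16
KEY_BYTES = 32


def fast_hash(master_password: str) -> bytes:
    """One unstretched SHA-256 of the password: a single cheap operation per guess."""
    return hashlib.sha256(master_password.encode("utf-8")).digest()


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a Master Password into a key with PBKDF2-HMAC-SHA256.

    Each iteration is one extra HMAC the legitimate user pays once per unlock,
    but an attacker must pay once for every candidate password tried.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def make_verifier(master_password: str, iterations: int) -> dict:
    """Store what a password-check needs: a random salt, the cost, and the derived key."""
    salt = os.urandom(SALT_BYTES)
    return {
        "salt": salt,
        "iterations": iterations,
        "key": derive_key(master_password, salt, iterations),
    }


def check_password(candidate: str, verifier: dict) -> bool:
    """Re-derive the key for the candidate and compare in constant time."""
    key = derive_key(candidate, verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(key, verifier["key"])


def guesses_per_second(iterations: int, rounds: int = 10) -> float:
    """Rough single-core throughput of derive_key at this cost, for comparison only."""
    salt = b"\x00" * SALT_BYTES  # fixed salt: we are timing, not storing anything
    start = time.perf_counter()
    for i in range(rounds):
        derive_key(f"candidate-{i}", salt, iterations)
    elapsed = time.perf_counter() - start
    return rounds / elapsed


if __name__ == "__main__":
    verifier = make_verifier("correct horse battery staple", iterations=100_000)
    print("right password accepted:", check_password("correct horse battery staple", verifier))
    print("wrong password rejected:", not check_password("correct horse battery stable", verifier))
    # The per-guess cost grows linearly with the iteration count.
    for n in (1, 1_000, 100_000):
        print(f"{n:>7} iterations: ~{guesses_per_second(n):,.0f} guesses/s on this machine")
```

    Note that PBKDF2 does not make a weak Master Password strong; it only raises the price of each guess by a constant factor, which is why a large iteration count and a long Master Password are complementary rather than interchangeable.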

  • Thank you for the input Jeff and Mike. I was wondering with Secure Input on the Mac, is this why I'm not able to use TextExpander in a web password field? If so, how is 1P able to know what password I'm inputting when I click the + icon in the browser extension?

  • khad
    khad Social Choreographer

    I was wondering with Secure Input on the Mac, is this why I'm not able to use TextExpander in a web password field?

    Yep.

    If so, how is 1P able to know what password I'm inputting when I click the + icon in the browser extension?

    1Password doesn't watch your keystrokes like a keylogger. (On a technical level, that is essentially what TextExpander is: a benevolent keylogger.) The data is available in the DOM.