security problem with backup files

maelcum

<div class="IPBDescription">1Pwd Backup files can be unzipped and reveal information</div>Hello,





by adding ".zip" to the name of any 1Pwd archive it is possible to unzip the archive to its original contents.

The data itself is encrypted, and I assume it cannot be decrypted easily. Unfortunately, just by opening any of the .password-files in ...agilekeychain/data/default it is possible to gain some knowledge about what is stored in 1Pwd.



[list]



[*]Notes have their title in clear text.

So any note for my swiss bank account# 12345 at UBS Zürich would at least give those two items of information away.



[*]Logins have the title as well as the url and tags in clear text.

I wouldn't want anybody to know I'm having an account at "autoweapons.com" as well as "neighbourhood-watch-minnesota.org" and "self-defense.org" and tagged all those as "weekend-fun".

In fact, if the 1Pwd-option is activated and the login name is saved to the title as well, everybody knows that I'm using the login name "biggun" to log into those.



[*]Intelligent folders/searches have their title in clear text.

So "trusted funds banks", "logins sheila" and "login karen" could give somebody the idea what a name in my household likely is and that I might have money stored somewhere.



[*]Wallet Items can be found my looking for the "TypeName".

"wallet.government.SsnUS" specifies the US Social Security Number. Something I would go for if I ever had to hack an account.



[*]Attachments have the filename in clear text.

So by finding "tax statement 2009.pdf" you not only know what name the file should have, you also know what filetype (pdf).

I have no knowledge about that, but I would assume that the encrypted file name string "4EF9683C3AF14480A18DD0D26B" would be the encrypted "tax statement 2009.pdf". At least an attac vector, if anything.



…

[/list]



There may be more; I haven't look at it into detail.

I am well aware that the passwords are still safe, since the encryption itself is certainly secure enough.

But there is a lot of information that can be gained just be collecting the strings that are in clear text.



Why not encrypt the backup-file (zip-file) with your own certificate or my generated certificate or even just some random number secret like something from my mac-address, serial number, daylight zone and zodiac? That would at least make it more difficult for prying eyes.





Best regards





mael

jpgoldberg

[quote name='maelcum' timestamp='1281951296' post='8872']

by adding ".zip" to the name of any 1Pwd archive it is possible to unzip the archive to its original contents.[/quote]



Hi mael,



You ask some very good questions, and it is great that you are thinking about such things.



Most of the questions are addressed indirectly in our document describing the [url="http://help.agile.ws/1Password/agile_keychain_design.html"]design of the Agile Keychain[/url], but I'll try to briefly address your concerns here.



[quote]

The data itself is encrypted, and I assume it cannot be decrypted easily. Unfortunately, just by opening any of the .password-files in ...agilekeychain/data/default it is possible to gain some knowledge about what is stored in 1Pwd.[/quote]



First let me reassure you that everything that is meant to be encrypted is securely encrypted. Also if you don't wish to use zip and unzip, you can simply inspect your agile data by right-clicking on it in the Finder and select "Open Bundle Contents". You will see when you dig down and explore that each particular entry you have is actually stored in its own file.



[quote] [Items] have their title in clear text.

So any note for my swiss bank account# 12345 at UBS Zürich would at least give those two items of information away.[/quote]



Yes. All titles that you give to things are not encrypted. This is so that they can be easily searched and displayed without you having to enter your master password.



[quote]Logins have the title as well as the url and tags in clear text.

I wouldn't want anybody to know I'm having an account at "autoweapons.com"[/quote]



1Password, in order to do its job in the web browser, needs to be able to find potential matches on a particular web page without having to decrypt everything in your data. This is both for performance reasons and for security. 1Password is designed to decrypt only the smallest amount of data needed at any given time.



Although it may seem to the user that when the data is unlocked that everything is decrypted, but that would be bad security practice for a number of reasons. We only decrypt things as and when they are needed. (And we forget about them as soon as they are no longer needed). But this does mean that your web locations are not encrypted. Your 1Password data file should be treated at least as securely as you would treat your browser bookmarks or browser history.



[quote]Intelligent folders/searches have their title in clear text.

So "trusted funds banks", "logins sheila" and "login karen" could give somebody the idea what a name in my household likely is and that I might have money stored somewhere.[/quote]



Again, this is so that you can actually use folders and tags without all of your data having to be decrypted.



[quote]Wallet Items can be found my looking for the "TypeName".

"wallet.government.SsnUS" specifies the US Social Security Number. Something I would go for if I ever had to hack an account.[/quote]



Again, the contents is extremely well encrypted. People will already know that you have valuable information in your 1Password Data. A hint that your social security number (which really isn't very secret). The important thing is to not put secrets into titles. (Just a note about social security numbers. Criminals already have that and credit cards numbers a dozen times over. Those are aquired either through hacking servers (which happens all the time) particularly of non-internet retailers. You should continue to keep these protected in 1Password, but those aren't the high value targets.)



[quote]Attachments have the filename in clear text.

So by finding "tax statement 2009.pdf" you not only know what name the file should have, you also know what filetype (pdf).[/quote]



I will need to consult with the developers to better understand why file name is not encrypted. It may be that there is consideration of allowing people the ability to search for attachments.



[quote]

I have no knowledge about that, but I would assume that the encrypted file name string "4EF9683C3AF14480A18DD0D26B" would be the encrypted "tax statement 2009.pdf". At least an attack vector, if anything.[/quote]



There are absolutely no worries here. Those filenames are representations of truly random numbers. We give each file a unique random filename to help with syncing and imports. It also means that if you change the title of some element, we don't have the change the file name that it is contained in.



I agree that the way we present things (locked or unlocked) it gives the impression that all of your data are locked (including titles and URLs) when 1Password is "locked" and that all of your data is decrypted when it is "unlocked". This provides the user with a simple view of what goes on.



But encryption and security is subtle and complicated. There is a story and half about the relationship between your master password and the actual data encryption. We hope that our documents allows the users who wish to investigate "what is really going on" to do so. We also want our design decisions to be open to the scrutiny of other cryptography and security exports. But we do provide a layer of abstraction or metaphor for the user that helps them behave securely, even if that doesn't completely reflect the details of what is really happening.



[quote]Why not encrypt the [the whole thing]?[/quote]



I hope that I've addressed that above. The notion of locked versus unlocked is (necessarily) more subtle than it first seems. From a security point of view, it would be a mistake to decrypt all of your data at any one time.



Again, thank you for asking about this and thinking about it.



Cheers,



-j

maelcum

Hello jpgoldberg.





Thank you for taking the time to read my post and put forward your view on things. It is very much appreciated.



As I said before, you have no doubt good reasons for doing things this way - unfortunately those are still not clear to me (not your fault!). All drawbacks that come from using clear text are still there - although you put great effort in assuring that "the right" information is encrypted. Well ... No. We obviously have a different notion of what is "the right" information.



What I wrote, and the examples I gave, are serious information leaks to me. Maybe I misunderstood 1Passwords abilities, but I always assumed my data inside is secure from prying eyes. To say it bluntly: It is not.



I do understand the need for not decrypting everything at the beginning, but doing searches on clear text entries, and then - only then - decrypting the appropriate piece of information belonging to the search result. But then, why not separate the information you need to search from the bulk of data? That would enable you to keep everything encrypted on disk, working on an decrypted table in memory.



You are going a little too much into the details with the Social Security Number. Don't you worry. Being European I do not use those - it was just used as an general example of information, that might hint malicious people where to start looking. That goes for all examples. And they are just that - examples. I assume you got the idea.



Reading your answer helped me out, though, and perfectly so. After reading it a couple of times, it finally hit me. The important sentence is the 3rd. The operating word the 10th:

[size="2"][i][color="#2E8B57"] First let me reassure you that everything that is [/color][/i][/size][size="2"][i][color="#2E8B57"]meant[/color][/i][/size][size="2"][i][color="#2E8B57"] to be encrypted is securely encrypted.[/color][/i][/size]

[color="#1C2837"][size="2"]Ah! And I've asked myself, why AWS have something like Knox in their portfolio. Developed long after the success of 1Pwd became apparent...[/size][/color]

[color="#1C2837"][size="2"]Now I know. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />[/size][/color]

[color="#1C2837"][size="2"]I really *did* misunderstood 1Pwds abilities. To paraphrase myself: "[/size][/color]Maybe I misunderstood 1Passwords abilities, but I always assumed my data inside is secure from prying eyes." It is. As long as we are talking Passwords, Notes, etc.





[color="#1C2837"][size="2"]Thank you *very* much for taking the time to answer this - in that light - rather silly post. Case closed.[/size][/color]



[color="#1C2837"][size="2"]Have a very nice day.[/size][/color]

[size="3"] [/size]

[size="3"] [/size]

[color="#1C2837"][size="2"]mael.[/size][/color]

jpgoldberg

You are perfectly correct that the choices we made about leaving titles and URLs unencrypted in the Agile Keychain design isn't without consequences.



There was a great deal of discussion about this at the time on the old forums. I'll try to find links to the archives of that so that you can see the full range of views that were expressed. ... Sorry, it is talking me longer to find how to search old, archived, discussions than I thought.



We, as you would expect, feel that we made the right design choices for the security of our customers. But as I'm sure you can imagine, not everyone felt that way. It was a good, frank discussion of the issue, and I wish I could find a way to point you there.



In either case, our recommendations are that users do not put anything secret in titles and that they treat their 1Password data files as they would their bookmarks or browser history.



Anyway, thank you for bringing this up on the new forums. This will be another place where users can find out about what information is exposed.



Cheers,



-j

[Deleted User]

[quote name='jpgoldberg' timestamp='1282057897' post='9003']

I'll try to find links to the archives of that so that you can see the full range of views that were expressed.[/quote]

I've been unable to find many legacy topics/discussions that I'd like to reference now, e.g. about SplashID.

khad

Very helpful information. Especially grateful for the link to the [url="http://help.agile.ws/1Password/agile_keychain_design.html"]Agile Keychain Design[/url] documentation.



Thank you, Jeff.