This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Feature Request: Keyfile Support


Comments

  • khad
    khad Social Choreographer
    edited June 2011
    Hey MrUsr,



    Thanks for adding your vote for this. Please see my post above about the security of your data file when stored in Dropbox, though.



    [quote]It's in the realm of possibility that a person could get access to my Dropbox and crack a 16 character password.[/quote]

    Fortunately, this is not really true. Thanks to the PBKDF2 key strengthening I describe above, your 1Password data is [b]much[/b] more secure than it would seem at first glance. Even assuming your master password contains [b]only lowercase letters[/b] (no uppercase letters, symbols, or numbers which would greatly increase the search space for an exhaustive brute force cracking endeavor) it would still take hundreds of centuries to crack your data (at the very [i]lowest[/i] possible estimate). More realistically, it would take billions of centuries or more. You can play around with some calculations yourself on Steve Gibson's [url="https://www.grc.com/haystack.htm"]Password Haystacks[/url] page. Remember that PBKDF2 means that the process of going from the key to your data is slowed down to a crawl (in terms of cracking), so hundreds of guesses per second is the most accurate estimate. His calculator doesn't even go that low, so everything you see is more of a worst case scenario (which certainly doesn't hurt to think about when choosing a master password). :-)



    Of course, this doesn't mean that we are sitting around doing nothing. We are increasing the PBKDF2 iterations as computing power becomes increasingly faster and cheaper so that brute force cracking will take [b]even longer[/b] than it already does. We also continue to evaluate the pros (and cons) of multi-factor authentication, and we appreciate you letting us know you are interested in this as well. It is true that multi-factor authentication will improve security, but if the implication is that your data is not currently secure, that's simply not true. ;-)



    Please also take a look at the [url="http://forum.agile.ws/index.php?/topic/5199-security-cloud-syncing/"]cloud syncing security[/url] thread for more details specifically on the recent Dropbox issue. The [url="http://forum.agile.ws/index.php?/topic/4716-feature-request-multi-factor-authentication/"]multi-factor authentication[/url] thread may also be interesting reading.



    Thanks again for the feedback!
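
An added worked estimate for the PBKDF2 point in the post above (not part of the original thread and not AgileBits code): it measures how many PBKDF2 guesses per second one CPU core manages at several iteration counts and projects the time to exhaust a 16-character lowercase search space. The HMAC-SHA1 choice, the iteration counts and the function names are assumptions; the page does not state 1Password's parameters.

```python
import hashlib
import os
import time

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length


def centuries_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Time to try every candidate; the expected time to a hit is half this."""
    return space / guesses_per_second / SECONDS_PER_CENTURY


def measure_guess_rate(iterations: int, trials: int = 5) -> float:
    """Guesses per second one core of this machine manages at `iterations`."""
    salt = os.urandom(8)  # constructed salt; a real data file stores its own
    start = time.perf_counter()
    for i in range(trials):
        # Each guess costs a full PBKDF2 run (HMAC-SHA1 is an assumption).
        hashlib.pbkdf2_hmac("sha1", b"guess-%d" % i, salt, iterations, dklen=16)
    return trials / (time.perf_counter() - start)


def report(alphabet_size: int, length: int, iteration_counts):
    """Rows of (iterations, measured guesses/s, centuries to exhaust)."""
    space = search_space(alphabet_size, length)
    rows = []
    for n in iteration_counts:
        rate = measure_guess_rate(n)
        rows.append((n, rate, centuries_to_exhaust(space, rate)))
    return rows


if __name__ == "__main__":
    # 16 lowercase letters, as in the post; iteration counts are illustrative.
    for n, rate, centuries in report(26, 16, (1_000, 10_000, 100_000)):
        print(f"{n:>7} iterations: {rate:10.1f} guesses/s, {centuries:.2e} centuries")
    # The post's "hundreds of guesses per second" figure, taken as 100/s:
    print(f"at 100 guesses/s: {centuries_to_exhaust(search_space(26, 16), 100):.2e} centuries")
```

The measured rate is for one CPU core of the machine running the script; faster hardware raises it, which is why the post describes increasing the iteration count over time.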
  • Hello All :)



    I recently moved to Mac OS X from Windows and I am looking for a new password manager. I previously used KeePass; however, I would like something a bit more polished for OS X.



    However, the lack of multi-factor authentication seems a bit scary to me! KeePass gave me the option to create a keyfile which I stored on a USB pen (+ backups) and I would need this USB pen to authenticate. I mean I'm no guru but it would seem this made things a bit more secure, and I presume it would be quite easy to implement as it requires no authentication with servers like YubiKey etc. If it meant that for any reason my password and database were compromised, it would be no good without the file on my USB key (which I am sure they could get if my computer was compromised anyway...) but you get the point.



    The software looks good guys and I suspect I will be downloading the trial once I get home, just wanted to give you my 2 pence!
  • [Deleted User]
    edited June 2011
    Hello Spiffily and welcome to the Forums!



    I hope you did download the trial when you got home and that you are happy so far. Please come back to the Forums with any questions or comments.



    Cheers!



    Brandt



    P.S. Thanks for the 2p! At current exchange rates, that equals 3 cents for both USD and CAD. You're already giving more than most! ;)
  • [quote name='m00dawg' timestamp='1308244546' post='29315']

    You *CAN* put 1Password's keychain on other media. I have it running off my encrypted disk image. It's just not recommended by Agile, but it's very possible.



    [url="http://forum.agile.ws/index.php?/topic/3888-how-do-i-relocate-the-backup-location/page__p__22132__hl__%2Bencrypted+%2Bdisk+%2Bimage__fromsearch__1#entry22132"]This[/url] should get you going, keeping in mind the pros and cons of doing so.

    [/quote]



    Hello again!

    I have a problem. :( When I do what 'm00dawg' suggested in the link above, I just back up the backup files to my TrueCrypt folder in Dropbox (I did this on my Mac computer). When I opened it up on my other Windows computer, I can't use the portable version of 1Password (1Password.agilekeychain) that opens in Firefox. What should I do to get "1Password.agilekeychain" into my TrueCrypt folder in Dropbox?
  • khad
    khad Social Choreographer
    I don't have as much experience with TrueCrypt, but I know that Knox vaults cannot be opened on more than one computer without risking corruption. If you make a change, Dropbox will try to sync it, but if the TrueCrypt "encrypted virtual drive" (EVD) is open on another machine, this is not good. Things break. :S



    You should be able to simply move your data (1Password.agilekeychain) into a TrueCrypt EVD, but you will not be able to sync the data between computers or devices in this scenario. You will also not be able to access [url="http://help.agilebits.com/1Password3/1passwordanywhere.html"]1PasswordAnywhere[/url] via Dropbox's web interface if your data is in a TrueCrypt EVD.



    Perhaps I have misunderstood what your goal is, but your 1Password data is already encrypted. Encrypting it twice is not necessary and breaks syncing and 1PasswordAnywhere. Please let me know if there is anything else I can help with.



    Cheers,
  • [quote name='khad' timestamp='1311284191' post='32772']

    I don't have as much experience with TrueCrypt, but I know that Knox vaults cannot be opened on more than one computer without risking corruption. If you make a change, Dropbox will try to sync it, but if the TrueCrypt "encrypted virtual drive" (EVD) is open on another machine, this is not good. Things break. :S



    You should be able to simply move your data (1Password.agilekeychain) into a TrueCrypt EVD, but you will not be able to sync the data between computers or devices in this scenario. You will also not be able to access [url="http://help.agilebits.com/1Password3/1passwordanywhere.html"]1PasswordAnywhere[/url] via Dropbox's web interface if your data is in a TrueCrypt EVD.



    Perhaps I have misunderstood what your goal is, but your 1Password data is already encrypted. Encrypting it twice is not necessary and breaks syncing and 1PasswordAnywhere. Please let me know if there is anything else I can help with.



    Cheers,

    [/quote]



    Hello khad!



    I found out that I could copy the 1Password.agilekeychain into my encrypted TrueCrypt file that's in Dropbox and everything works like a charm! :)



    On my computer I would like to move everything that 1Password saves to a TrueCrypt file container (just because everything on my computer that I work on is saved to an external hard drive and not the internal drive on the computer). There is no conflict that can occur as I don't work with multiple computers on the same data and no synchronizing is done automatically, only backups manually when programs are closed.

    [b]How can I move the backup data and the 1Password.agilekeychain (is there anything else that has to move?) to my external hard drive that's always connected to my computer?[/b]
  • khad
    khad Social Choreographer
    [quote]I found out that I could copy the 1Password.agilekeychain into my encrypted TrueCrypt file that's in Dropbox and everything works like a charm![/quote]

    That's great! It won't work if you try to synchronize with any mobile devices since 1Password for iOS, Android, and Windows Phone 7 won't be able to see inside the TrueCrypt EVD, but it sounds like you are an ideal candidate for this.



    [quote]There is no conflict that can occur as I don't work with multiple computers on the same data and no synchronizing is done automatically, only backups manually when programs are closed.[/quote]

    Important points!



    [quote]How can I move the backup data and the 1Password.agilekeychain (is there anything else that has to move?) to my external hard drive that's always connected to my computer?[/quote]

    You should be able to set this in 1Password's preferences on the Backup pane. However, if your backup drive is [i]ever unavailable[/i], 1Password will [b]revert to the default location[/b], so it can be a real pain trying to back up to an external volume. It is perhaps better to back up the [i]backups[/i] (from your internal drive to the external).



    Best of luck! Let me know if you have any more questions.