Security: Dropbox syncing and iOS keychain

Steve Darden

I have succeeded to fix the iPad 1Password "iOS Dropbox not updating problem". When I did the "reset sync" I found that the iOS master password now seems to be the same as on MacPro where I initiated the Dropbox sync - which is a very strong long passphrase.



After quit/relaunch 1Password I discovered it still is looking for the unique, shorter iOS password.



Questions:



1. where is this iOS password stored?

2. is this password used to access the true master password?

3. how do I know that connection is secure - the true master is the "keys to the kingdom".



FWIW, I think the Dropbox sync absolutely requires a strong password on the 1Password keychain (and a reasonably strong password on the Dropbox). Someday there could be a sour Dropbox employee who also has access to the Dropbox password credentials. Your 1Password passphrase is then your only defense.

khad

Hey Steve,



Great questions! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



Your master password does not have to be the same between 1Password for Mac/Windows and your 1Password iOS app(s). Many users like to have a less-complicated one for 1Password iOS apps because of the interaction using the much smaller virtual keyboard. Because they do not have to be the same, they are never synced from one device/platform to another.



There are a lot of passwords and codes to keep track of. (That's why you probably bought 1Password in the first place. ) I'll give a list of the ones used in Dropbox syncing.



[b]iOS device passcode[/b] - used to unlock your iPhone or iPad when first turning it on



[i]This is unrelated to 1Password, but you will obviously need it in order to access your iOS device if you have it enabled (which we strongly recommend).

[/i]

[b]1Password for iPhone unlock code[/b] - used to unlock 1Password for iPhone and gain access to low-security items and settings



[i]This makes it easier to switch back and forth between apps without having to type in a longer, more complicated master password every time.

[/i]

[b]1Password for iPhone master password[/b] - used to gain full access to all 1Password for iPhone data



[i]You will be prompted whenever you are trying to access a high-security item (beyond the Auto-Lock timeout duration) or a setting that requires further authentication. Called "Master password for iPhone" during Dropbox setup.

[/i]

[b]1Password for iPad master password[/b] - used to gain full access to all 1Password for iPad data



[i]You will be prompted for this every time you launch 1Password for iPad.

[/i]

[b]Dropbox password[/b] - used to login to the Dropbox application and website



[i]This is only related to 1Password insofar as it is required to access your data file for Dropbox-based syncing.

[/i]

[b]1Password data file master password[/b] - used to gain full access to 1Password for Mac and/or Windows and 1PasswordAnywhere



[i]This can be thought of as the "main" password. All your data can be accessed with this password. Even if you lose your iOS device(s), you can set up Dropbox syncing on a new device using this data file and password. You are only prompted to enter it on your Mac or Windows computer and when accessing 1PasswordAnywhere. If your 1Password for iOS master password is different than this password, you will be prompted to enter it when setting up Dropbox syncing on your iOS device, otherwise, you will not be prompted for this anywhere in 1Password for iOS. Called "Master password on Mac or PC" during Dropbox setup.[/i]



All of these passwords are set independently, so it is up to you if they are all identical or unique. We recommend always using unique passwords for everything, but the choice is yours.



[quote]1. where is this iOS password stored?[/quote]

It normally is not stored anywhere. When you enter your master password, 1Password attempts to decrypt the encryption key which is 1024 bytes of random data generated when the data file was created. If the master password is correct, then the key is provide. Otherwise, nothing is returned.



However, if you enable automatic syncing with Dropbox then 1Password needs to have access to the master password in order to have access to your data. Read and write access is required for full two way syncing. In this case, it your master password is stored securely in the iOS keychain. For some details regarding why this is actually safe despite some sensationalistic headlines to the contrary, please take a look at our blog post which explains [url="http://blog.agilebits.com/2011/02/lost-iphone-safe-passwords/"]iOS protection classes[/url]. (The data that 1Password stores in an iOS keychain has the most restrictive settings. It is set with both “Only when Unlocked” and “Non-migratable.”) There is also a [url="http://forum.agile.ws/index.php?/topic/4854-elcomsoft-claims/"]thread here in the forums on the same topic[/url]. Further details are available in our "[url="http://help.agilebits.com/1Password_touch/iOS_security_details.html"]iOS Security Details[/url]" document.



[quote]2. is this password used to access the true master password?[/quote]

From the "Where's your data?" section of the same blog post, 1Password stores the following in an iOS keychain:



[list]



[*]Your Dropbox credentials (email address and Dropbox password)

[*]Your master password for your data as stored on Dropbox

[*]Your master password for 1Password on your iOS device

[/list]

[quote]3. how do I know that connection is secure - the true master is the "keys to the kingdom".[/quote]

For this question, I will direct you to both our "[url="http://help.agilebits.com/1Password_touch/how_secure_is_syncing.html"]How 1Password Syncs Securely[/url]" and "[url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]Security of Storing 1Password Data in the Cloud[/url]" documents. From the latter:



[indent]Your secrets in your 1Password data are safe wherever they are stored. Although we don’t recommend making your 1Password database publicly available to the world, we have designed it so that your username and password data (along with other secret data stored within it) is protected no matter whose hands they fall into. For this and other reasons we are very confident when we recommend cloud syncing of 1Password data with Dropbox. The remainder of [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]this document[/url] goes into increasing detail about the security measures in place and issues surrounding them.



[list=1]



[*][b]Your master password is never transmitted from your computer or device.[/b]

[*][b]All 1Password decryption and encryption is performed on your computer or device.[/b]

[*]The 1Password data format was designed to withstand sophisticated attacks if it fell into the wrong hands.

[*]Dropbox provides an additional layer of encryption.



[/list][/indent]

[i]Link and emphasis added.[/i]



[quote]FWIW, I think the Dropbox sync absolutely requires a strong password on the 1Password keychain (and a reasonably strong password on the Dropbox). Someday there could be a sour Dropbox employee who also has access to the Dropbox password credentials. Your 1Password passphrase is then your only defense.[/quote]

While Dropbox has policies in place that prevent an employee from accessing anyone's data, and strong Dropbox password is no match for an inside job. Check out the "[url="http://forum.agile.ws/index.php?/topic/1774-choosing-a-good-master-password/"]Choosing a Good Master Password[/url]" thread for some tips for protecting your 1Password data even if it falls into the wrong hands. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_wink.png' class='bbc_emoticon' alt=';-)' />



I hope that helps. Please let me know. It is great that you are thinking about these things.



Cheers!