This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Security feature for 1Password: program ID
Hello 1Password team,
i now use 1Password for a long time ad must say it really makes my life easier. I recently had a discussion with a friend which is an IT expert about the safety of such programs. He gave a point which is not implemented in 1Password yet:
-> the 1Password keychain file is not connected to a program ID (e.g. 1Password, Password for iOS,...); normally the program user interface denies access to the keychain file after a number of false tries. That is a very important point of making password cracking harder my limiting the tries you have. Now 1Password does not have that option because there is no connection between the keychain file and the program who is indeed the only way to limit access. That means a hacker can run unlimited attacks against the file.
Well, although dropbox is a very convenient way of keeping multiple computers in sync we must accept that your keychain file might fall into false hands. Under the current circumstances there is no further protection of the file but only the first instance of encryption. But the attack might run with every kind of software and it might take as long as the person is willing to run the attack.
-> would there be a factor to make the file accessible only through the right authorized program (e.g. only the owner program of 1Password, -> program ID) the hacker must indeed at first have physical access to the owners computer to get the program ID.
-> if this program ID code (a hash / MD5 or what ever, I'm not and IT) would be transferable and you could import it to every program you need to access the keychain file from it would be the most secure way
Sorry for my bad english, but please think about and implement such a feature
Greeting from germany
PS: running 1Password 3.6.0 on my mac an 1Password Pro on my iPod touch
i now use 1Password for a long time ad must say it really makes my life easier. I recently had a discussion with a friend which is an IT expert about the safety of such programs. He gave a point which is not implemented in 1Password yet:
-> the 1Password keychain file is not connected to a program ID (e.g. 1Password, Password for iOS,...); normally the program user interface denies access to the keychain file after a number of false tries. That is a very important point of making password cracking harder my limiting the tries you have. Now 1Password does not have that option because there is no connection between the keychain file and the program who is indeed the only way to limit access. That means a hacker can run unlimited attacks against the file.
Well, although dropbox is a very convenient way of keeping multiple computers in sync we must accept that your keychain file might fall into false hands. Under the current circumstances there is no further protection of the file but only the first instance of encryption. But the attack might run with every kind of software and it might take as long as the person is willing to run the attack.
-> would there be a factor to make the file accessible only through the right authorized program (e.g. only the owner program of 1Password, -> program ID) the hacker must indeed at first have physical access to the owners computer to get the program ID.
-> if this program ID code (a hash / MD5 or what ever, I'm not and IT) would be transferable and you could import it to every program you need to access the keychain file from it would be the most secure way
Sorry for my bad english, but please think about and implement such a feature
Greeting from germany
PS: running 1Password 3.6.0 on my mac an 1Password Pro on my iPod touch
Flag
0
Comments
-
Welcome to the forums, Stephan!
Thanks for asking about this, but I am not sure I fully understand your proposal.
Are you asking about support for [url="http://forum.agile.ws/index.php?/topic/3605-feature-request-keyfile-support/"]second-factor authentication using a keyfile[/url]?
While this feature is not currently implemented, please do consider that "a hacker can run unlimited attacks against the file" is a deceptively simple explanation of an incredibly complex process.
In short, the encrypted material within your data file cannot be decrypted by all of the computers on the planet working in tandem for many times longer than the age of the universe.* We make use of the OpenSSL libraries to provide algorithms, protocols and implementations of our encryption. These are developed and maintained by a wide, open, community of experts. In our choice of protocols, we rely on the recommendations of that expert community. We also understand that just as important as the choice of encryption algorithm and cipher mode is the choice and design of protocols.
One of these protocols that is worth mentioning at this point is the use of the [url="http://en.wikipedia.org/wiki/Key_strengthening"]key strengthening[/url] function [url="http://en.wikipedia.org/wiki/PBKDF2"]PBKDF2[/url]. This protects your data against password guessing (password cracking) programs in a number of ways. Before we can explain how that works, you need to know a bit more of what 1Password does when it decrypts your data. Your data is not directly encrypted with your master password. Instead it is encrypted with a random 128-bit number that was picked when 1Password first created your Agile keychain. That 128-bit number is your true decryption key. This key, in turn, is encrypted using your master password.
The computation (AES-128) to get from your decryption key to your data is designed to be quick; but the computation (PBKDF2) to get from your master password to your actual decryption key is designed to be slow. This means that when you enter in your master password you have to wait a fraction of a second. That fraction of a second, however, makes it enormously harder for automated guessing programs. Without PBKDF2 well designed automatic password guessing programs can try [url="http://blog.crackpassword.com/2010/12/blackberry-password-cracking-multi-threaded-with-hardware-accelerated-aes/"]millions of passwords per second[/url], but [i]with[/i] this key strengthening this is reduced to only [b]a few hundred per second[/b]. Another consequence of this system is that even if two people use the same master password, they will have different encryption keys and so their data will be encrypted differently.
Please also take a look at [url="http://blog.agilebits.com/2011/05/defending-against-crackers-peanut-butter-keeps-dogs-friendly-too/"]our blog post about PBKDF2[/url] for some additional information about PBKDF2 key strengthening and our [url="http://help.agilebits.com/1Password3/cloud_storage_security.html"]Cloud Storage Security[/url] document for more about why we continue to remain confident in the cloud storage and syncing of 1Password data files.
Security is definitely an ongoing process — we are not ruling out external keys or other additional factors of authentication — but I want to make sure you know that your data has been, is now, and remains secure even if we don't add such a feature. Additionally, if you ever had a hard drive failure, if your computer or device was ever stolen, your data would be lost forever if it was tied to a specific installation of 1Password. That's not a good position to put our customers in. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />
If you have any additional questions or concerns, please let me know.
Thanks!
* "Assuming that one could build a machine that could recover a DES key in a second, then it would take that machine approximately 149 trillion (thousand-billion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old." (via the [url="http://www.nist.gov/public_affairs/releases/g01-111.cfm#AES"]National Institute of Standards and Technology[/url])Flag 0 -
Hello khad,
thanks for your answer, I didn't notice your mentioned thread [quote]Are you asking about support for [url="http://forum.agile.ws/index.php?/topic/3605-feature-request-keyfile-support/"]second-factor authentication using a keyfile[/url]?[/quote]
but yes, that's it.
The only difference to the USB solution is the linking of the keychain file to a specific program ID (someone mentioned "something you own" in the other thread) and of course there must be a way of backing of this criteria or transferring it to all your devices.
That's the way how it works <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />Flag 0