This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Does Agile Keychain stay open in Time Machine?

DavidB
DavidB Senior Member
in Mac
If the Agile Keychain is open when Time Machine makes a backup, is the keychain still open in the backup? Are the keychain contents visible to anyone with access to the backup?



Thank you,



David
Flag

Comments

  • khad
    khad Social Choreographer
    Thanks for asking about this, David. It is good that you are thinking about these kinds of things.



    Fortunately, none of your sensitive data in 1Password is ever stored unencrypted on disk, so it would be impossible for Time Machine to back up any unencrypted data from your 1Password data file.



    For your security, 1Password decrypts as little information as possible at any given moment. 1Password presents itself to the user as either “locked” or “unlocked.” The impression someone might get from this is that when 1Password is unlocked, all of the information is suddenly decrypted. This, however, is not how 1Password really works. A system like that would suffer from having far too much of your sensitive information decrypted in computer memory or worse written to disk. 1Password gets around this problem by only decrypting the particular item you need at any given time and then forgetting that information when it is no longer needed. So instead of thinking of an unlocked state as a vault with all of your information being open, it is better to think of things differently.



    Imagine, instead of a vault that is locked or unlocked, a room full of locked boxes. Each box requires a key to open it, the same key. When you have entered your master password, that key is available although all of the boxes still remain locked. At various times 1Password will select a box and unlock that particular one. When it is done with the contents of that box, it will lock it again.



    When you go to a login page, say http://www.example.com/Login.php, 1Password needs to find all of the boxes that could potentially be a Login for that location. It also needs to present you with a list of those potential Logins so that you can choose among them. Conceivably (but incorrectly), 1Password could go and unlock each box in the room looking through their contents to determine which ones are potential matches. But that would take a very long time. Opening a single box doesn’t take any noticeable time, but opening all of them would be prohibitively slow.



    What we have done is put labels on the outside of each box. The labels contain, most importantly, the web location associated with that Login and the title that you gave to that Login. This way 1Password can scan the locations quickly without having to unlock any boxes. It can then present you with the titles of the ones that are potential matches. Once you select to fill with a particular login will 1Password unlock the particular box.



    Since Time Machine makes an identical copy of your data file, your data file would have to be unencrypted at some point for the scenario you are asking about to be a security flaw. This is not the case. You can rest easy. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Please let me know if there is anything else I can help with.



    Thanks!
    Flag
  • DavidB
    DavidB Senior Member
    Thank you for your helpful explanation.



    David
    Flag
  • khad
    khad Social Choreographer
    No problem. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    Cheers,
    Flag