This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
1Password Security Questions
Hi. I read the 1Password architecture document ([url="http://help.agile.ws/1Password/agile_keychain_design.html"]http://help.agile.ws...ain_design.html[/url]) with interest. I had a few questions, though:
0) What exactly is a keychain item? Is that an individual password, coupled with its associated metadata?
1) At what times are passwords encrypted/decrypted? In particular, if a change is made to a keychain item, is the file immediately re-saved to ensure that an app crash doesn't cause data loss? (I saw an option for auto-save in one of the screenshots, so I [i]think[/i] this is true, but I just wanted to make sure)
2) Are passwords padded prior to encryption?
3) Is there a mechanism to update the master key (i.e. force a reencryption of the entire keychain) as opposed to just the master password?
4) Does 1Password make any attempt to ensure that decrypted passwords are never paged out to disk?
5) When generating random keys, where is entropy taken from? /dev/random? /dev/urandom? Is this also true of the password generator?The password padding (if any)?
6) With the advent of native support for AES on modern Intel processors, is there any possibility that 1Password would include an option for AES-256? I would imagine that disk read access is now probably a bigger bottleneck than CPU utilization.
7) Along a similar line, is there a possibility that 1Password might allow an option for full-data encryption as opposed to simply encrypting certain fields?
Thanks!
0) What exactly is a keychain item? Is that an individual password, coupled with its associated metadata?
1) At what times are passwords encrypted/decrypted? In particular, if a change is made to a keychain item, is the file immediately re-saved to ensure that an app crash doesn't cause data loss? (I saw an option for auto-save in one of the screenshots, so I [i]think[/i] this is true, but I just wanted to make sure)
2) Are passwords padded prior to encryption?
3) Is there a mechanism to update the master key (i.e. force a reencryption of the entire keychain) as opposed to just the master password?
4) Does 1Password make any attempt to ensure that decrypted passwords are never paged out to disk?
5) When generating random keys, where is entropy taken from? /dev/random? /dev/urandom? Is this also true of the password generator?The password padding (if any)?
6) With the advent of native support for AES on modern Intel processors, is there any possibility that 1Password would include an option for AES-256? I would imagine that disk read access is now probably a bigger bottleneck than CPU utilization.
7) Along a similar line, is there a possibility that 1Password might allow an option for full-data encryption as opposed to simply encrypting certain fields?
Thanks!
Flag
0
Comments
-
Hi there,
Welcome to the forums. Sorry for the delayed reply.
I started typing a reply to this and realized: you've asked some really great but really technical questions! I will get our Chief Defender Against the Dark Arts to reply so that you have the most accurate answers we can give.
Thanks.Flag 0
