Recommendation - Encryption

parkforeman

I am a security professional who has been working with 1PW for some time. I am currently working on a forensics project and generally focus on ways to defeat forensic methods which are not unlike what hacker might use. You have a vulnerability in your database/encryption design where I have some recommendations. Basically, you need stronger, more complete encryption. I want to make 1PW the strongest product of its type. I think you guys have great potential in the enterprise where I have a lot of experience. I would be happy to discuss this with you but I think the forum is not the best place. If you are interested, please contact me.

brenty

Hey there, Park! Welcome to the forums! <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



Thanks for bringing this up. We would love to discuss this with you, and I agree that a public forum is probably not the ideal venue. We have alerted our resident Defender Against the Dark Arts and he will be in touch. Thanks! <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/biggrin.png' class='bbc_emoticon' alt=':D' />

jpgoldberg

Hi parkforeman,



I'll send you a PM with my contact email address.



If this is about the fact that our current data format does not encrypt things like titles and URLs, please note that this is a something that is well known and has been thoroughly discussed in a number of places. One starting place is here:



http://blog.agilebits.com/2011/04/looking-ahead-in-security/



But also please look at our documentation on the design and security of our data.



http://help.agile.ws/1Password3/agile_keychain_design.html



and



http://help.agile.ws/1Password3/cloud_storage_security.html



Cheers,



-j