One thing to keep in mind is that cautious is good; panicked is bad. Panicked people tend to make poor security decisions, usually by focusing on the wrong threats.
But I didn’t have it on any of our other systems. So now I couldn’t get to my keychain. And so I was stuck in a catch-22. My Dropbox password was itself a 1password-generated litany of nonsense. Without access to Dropbox, I couldn’t get my keychain. Without my keychain, I couldn’t get into Dropbox.
[font=Arial, Verdana, sans-serif]Dropbox and 1Password re-opened every door for me in a way that would have been impossible if I were just storing passwords locally via my browser.[/font]
Thanks for the link, Mike! In case you missed it, we did a follow up blog post of our own on that great Ars Technica article:
What I am wondering is if this repetition of the same password, combined with an attacker's knowledge of the keychain format, will make it easier to crack my master password.
The passwords F9GndpVkfB44VdvwfUgTxGH7A8t and rE67AjbDCUotaju9H49sMFgYszA each look like extremely strong passwords. Based on their lengths and the use of upper and lower case and digits, any password strength testing system would say that these are extremely strong passwords. But suppose that the system by which these were generated was the following: Flip a coin. If it comes up heads use F9GndpVkfB44VdvwfUgTxGH7A8t, and if it comes up tails use rE67AjbDCUotaju9H49sMFgYszA.
That system produces only two outcomes. And even though the passwords look strong, passwords generated by that system are extremely weak.
From what you describe, if you created your 1Password datafile a long time about, then you probably have one that is using 1000 PBKDF2 iterations. Note that you can get a much better security gain by making even a small improvement to your Master Password than you can by increasing the PBKDF2 iterations.
Again, please not that going from 1,000 iterations to 10,000 iterations adds a relatively small degree of additional security.
This thread seems to imply that changing your master password isn't necessary because it's not subject to brute force attacks.
Based on the crack of the 512bit DKIM key from Gmail ([url="http://www.wired.com...ity-widespread/"]http://www.wired.com...ity-widespread/[/url]), do you still think that the 1Password master password shouldn't be rotated at some interval, along with the accounts inside it?
With the power of AWS/Azure/Google Cloud, couldn't someone that got a copy of my password file crack this in a reasonable/cost effective timeframe?
I believe your encryption is strong, and it seems you've thought of possible attack vectors, but the computational power that any particular person could wield becomes larger, and cheaper every month.
In line with that, have you tried working with a distributed cracker and a cloud service like AWS and seen what effect $100 might have on various encryption key lengths?
The second reason is that your 1Password Master Password is used for encryption instead of for authentication. Even after you change your Master Password, your old one will still be able to decrypt an old (backup) copy of your 1Password data. If someone has captured an old copy of your 1Password data, then they can still try to break in with the old Master Password. From there, they can extract keys that can even be used against your newer data.
This presents an interesting question... Is there some means in 1Password to forcibly re-generate the entire key structure such that this wouldn't be possible even if an old Master Password and data file became compromised? I guess exporting everything and reimporting it into a brand new 1Password database would do the trick, but is there a simpler way to go about this?
Obviously, were the Master Password ever compromised, passwords would need to be changed, but of course this doesn't do any good if the derived keys from the original file can be used to crack the newer data.