Estate plan crafted around cracking master password

A warning that this is a fairly non-traditional request that I do not expect any kind of official support or endorsement for what I'm attempting.

While I'm alive, I don't want any kind of enemy or state action to even possibly compromise my security, so I'm opposed to printing out or writing down my master password even in a safety deposit box.

However, upon my death, I would like things ready for an executor to use files available to begin a cracking process that may not gain them entry for several weeks or months. Provided they have the secret key and my master password is crackable in the desired amount of time, what information from 1Password10.sqlite (the new format) is required to facilitate this? I'm comfortable extracting information from the sqlite database and running it through hashcat or john the ripper. None of the tools available now seem to be able to operate on the new format.

Further, it would be ideal if the encryption keys were separated from the data, including my e-mail address, so that if my executor needed to crowdsource the action or enlist others to assist in some way, those others would be able to provide him with the cracked master password without knowing precisely which account it goes to so that only he can log in.

How much of the above is feasible? Is the data now in the keysets table? Can someone provide an example of converting a query from the Windows sqlite into a hashcat command?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • AGKyleAGKyle AgileSupport

    Team Member

    Hi @Lucent

    I don't want any kind of enemy or state action to even possibly compromise my security

    Do you believe you would actually be a target for this kind of attack?

    I think most people that are have teams of people in charge of their security and could probably better enact some sort of policy on your questions. Only you'd know if you were a target though, just know that in general, the average person is not going to be a target.

    Depending on where you live it may be as simple as asking you for your Master Password in an official court order.

    So you may simply be making this more difficult for yourself, rather than a state actor.

    Provided they have the secret key and my master password is crackable in the desired amount of time, what information from 1Password10.sqlite (the new format) is required to facilitate this?

    As far as I am aware there is no off the shelf solution for attempting to crack 1Password.com account data. There's nothing we're doing that's overly special here, and many cracking tools will work, just that the various cracking tools out there have not made the updates to their software to make it easier. So you'd either have to find a way to do this yourself, or wait for them to provide such a feature.

    Further, it would be ideal if the encryption keys were separated from the data, including my e-mail address, so that if my executor needed to crowdsource the action or enlist others to assist in some way, those others would be able to provide him with the cracked master password without knowing precisely which account it goes to so that only he can log in.

    How much of the above is feasible? Is the data now in the keysets table? Can someone provide an example of converting a query from the Windows sqlite into a hashcat command?

    That seems reasonable, but as you guessed we aren't able to provide technical support for this type of request. It just gets to be too technical and fiddly.

    If this is something you insist on doing, you'll probably need to hire or consult with an expert in the field to properly guide you. I'm afraid we can't recommend anyone for this either.

    But yes, what you're asking is possible. But it isn't going to be easy for us to help you with this.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file