Master Passwords and Dropbox syncing

Calion
Community Member

Is it required that the Desktop app and the iOS app have the same Master Password when using the same 1Password file via Dropbox? I ask because the answer is apparently No. I changed my Master Password on the Desktop (because I used a fairly insecure password when I first started using 1Password, then finally generated a Diceware password) and kept expecting the iOS app to refuse to accept my old password once Dropbox syncing had completed.

Well, it seems to have completed now, and my old, insecure password still works. This is convenient, I guess, but troubling. I'm anything but a cryptography expert, but I had thought that the 1Password file was encrypted using the master password as the key. The fact that my old password still works on iOS implies that that is not true. You guys seem to have thought all of this stuff through pretty well, but it troubles me that my file can currently be unlocked by either of two master passwords.

On another note: I would have searched to see if this had been addressed before, but I can't find a way to limit searches to a particular forum category.

Comments

  • MikeT
    edited May 2013

    Hi Jim,

    That's intentional to prevent you from getting locked out of the 1Password app on iOS in case the sync didn't carry over the new encryption keys properly. If it got corrupted, you wouldn't be able to get into the app. So, we store the older ones until we can verify your new encryption keys.

    Once you enter your new master password, the iOS app will trash the older one when it is terminated in the background (pushed out of the iOS's memory) or you do it forcefully by restarting the 1Password app (by killing it in the background). Once it is terminated, you won't be able to get into the app with the older password.

    Your 1Password data is encrypted by its own key that is randomly created when you first create the new data file. It is created with the strongest possible key based on the hardware's encryption libraries and other pieces of data, since we don't expect folks to create passwords with over 50 characters.

    Your master password is the encryption key that decrypts access to 1Password's encryption key. Basically, all of your items in the 1Password database are encrypted with 1Password's strongest encryption key but the only one who knows about this encryption key is stored inside the encrypted file that can only be decrypted by your master password.

    So when you change your master password, your items are not re-encrypted with the newer master password but rather, your 1Password encryption keys are re-encrypted by the newer master password. That's why you may notice when you changed it, there was no burst of data syncing over Dropbox.

    As for the forum category, the search system is definitely weak. We're working with the forum vendor to see if we can find a better one.

    By the way, if you're curious about how the whole encryption system works, I'd strongly recommend reading our security guides here: http://learn.agilebits.com/1Password4/Security/security-index.html

    I hope this helps.
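
The key-wrapping arrangement described in the reply above, as an added example that is not part of the original thread and is not AgileBits code: a random data key encrypts the items, the master password only wraps that key, and a copy of the old wrapped key that has not yet been discarded still opens with the old password. PBKDF2 and the HMAC-based stream cipher are stand-ins chosen to stay within the Python standard library, not 1Password's actual algorithms or file format; all function names are hypothetical and the sample item is constructed.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode), a stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with a 64-byte key (32 bytes encrypt, 32 authenticate)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key[:32], nonce, len(plaintext))))
    tag = hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key[:32], nonce, len(ct))))

def kek(password, salt):
    # Stretch the master password into a key-encryption key (assumed parameters).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap_data_key(data_key, password):
    salt = os.urandom(16)
    return salt + seal(kek(password, salt), data_key)

def unwrap_data_key(wrapped, password):
    return unseal(kek(password, wrapped[:16]), wrapped[16:])

def change_master_password(wrapped, old, new):
    # Only the small wrapped-key blob is rewritten; encrypted items are untouched.
    return wrap_data_key(unwrap_data_key(wrapped, old), new)

def demo(old="old weak password", new="correct horse battery staple"):
    data_key = os.urandom(64)                  # random, independent of any password
    secret = b"example.com / constructed-sample-login"
    item = seal(data_key, secret)              # encrypted once, never re-encrypted
    old_blob = wrap_data_key(data_key, old)    # the copy a second device still holds
    new_blob = change_master_password(old_blob, old, new)
    try:
        unwrap_data_key(new_blob, old)
        old_on_new = True
    except ValueError:
        old_on_new = False
    return {"new_opens_item": unseal(unwrap_data_key(new_blob, new), item) == secret,
            "old_opens_new_blob": old_on_new,
            "old_opens_stale_blob": unwrap_data_key(old_blob, old) == data_key}
```

The last result is the behaviour observed in the question: until the stale wrapped key is deleted, the old password still yields the same data key.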

  • Hi Jim,

    I fixed the link, thanks for letting me know.

    You're welcome, if you have questions about anything, just let us know!

This discussion has been closed.