Renaming vault folders to omit format extension [not supported]

paradonym
edited January 2016 in Windows Beta

It's possible with the Windows desktop program to access vault "folders" (Windows displays vaults as a folder) whose names don't end with .agilekeychain or .opvault.
In the Windows 10 beta it's not possible yet...
Sometimes I guess it's a bit more secure to hide a keychain under a misleading folder name like "website backup" or so (as keychain files look like a downloaded website), so simply renaming the 1password.agilekeychain folder worked for the desktop version...
Some other programs can also rename the folders. I sync my vault using Dropbox, but I don't want to rely on one closed-source encryption, so I additionally use Boxcryptor so that Dropbox doesn't even know the file names if a government (or similar) asks for a list of stored files.

Boxcryptor works transparently in the background: every program can access the encrypted files as if they weren't encrypted, as long as Boxcryptor is running.
The only disadvantage is that this really slows down the read speed, which makes my desktop 1Password take a full minute to unlock the keychain before showing any data... But I prefer security over convenience...


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10 x64 bit
Sync Type: Boxcryptor

Comments

  • DBrown (1Password Alumni)

    As far as I'm aware, 1Password on none of the supported platforms (Mac, PC, iOS, Android, Windows 10 devices) allows you to name a vault (PC) or its sync point (all other platforms) with any extension other than .opvault or .agilekeychain.

    Regarding 1Password 4 for Windows specifically, my co-workers confirm that, although you can change the "root" of the folder name (in File Explorer) to anything you like, 1Password 4 for Windows will not allow you to select a folder (File > Open 1Password Vault) that doesn't have one of those two extensions. (As it turns out, you can rename a .agilekeychain folder to have a .opvault extension, or vice versa; 1Password 4 for Windows would allow you to select it, as expected, but—to my surprise—it would also be able to interpret the folder and display your vault contents.)

    I'm not aware of any plan, at this time, to change the current behavior in either 1Password 4 for Windows or the beta app for Windows 10 devices, but I'll be sure to mention it to Dev. Thanks so much for letting us know that would be useful to you, @paradonym!

    Don't forget that your 1Password data is already extremely well protected just by being stored in 1Password (assuming, of course, you've used a strong, unguessable master password).

    Thank you for using 1Password, @paradonym, and for taking time to share your feedback with us. Please keep it coming!

  • paradonym
    edited January 2016

    Thanks for the reply

    It seems that Mac, Android and the Windows 10 beta recognize a vault via .agilekeychain, but the desktop Windows client recognizes it somehow differently...
    It would be nice if every 1PW client recognized it the way desktop 1PW does, which would allow flawless sync via any third-party sync solution a user wants to use.

  • DBrown (1Password Alumni)
    edited January 2016

    In 1Password for Mac (the only other of our supported platforms with which I'm fairly familiar), you can specify whether your data is synced using Agile Keychain or OP Vault format, but the actual vault is entirely internal.

    1Password 4 for Windows is different from all the other products in our 1Password line, in that the .agilekeychain or .opvault folder IS the vault; there's no internal database. (On other platforms, the folder is just a "sync point", sort of like a copy of your data that Dropbox or OneDrive, for example, makes available to you if you're also using 1Password on other devices and platforms.)

    In both cases, though, I believe the extension is required. (The 1Password 4 for Windows Dev team is looking into why it's possible to change the extension from one to the other, but I've confirmed that it's not possible to open a folder in 1Password 4 for Windows unless it has one of those two extensions.)

    I believe 1Password for Android is the only one in our line that doesn't readily recognize the OP Vault format, but I've never used it (as I don't have access to an Android device), so I base that statement on what's in the 1Password for Android user's guide.

    I hope that helps clarify things a bit, @paradonym. Thanks again for sharing your preference with us!

  • @paradonym I couldn't put it better than my colleague @DBrown just did: the folder name is the way to choose between formats.

    While I don't foresee any changes in this behavior, one thought crossed my mind: you can use OneDrive and connect to your .opvault/.agilekeychain folder, then rename that folder on OneDrive to anything you like. We use OneDrive's item id to reference that folder, and we care about its name only the first time.

  • DBrown (1Password Alumni)
    edited January 2016

    Great tip, @SergeyTheAgile. Thanks! Does it work the same for Dropbox-synced folders, as @paradonym is using?

    Even if it does, @paradonym, please note that 1Password 4 for Windows won't automatically find the renamed folder. Even if you show it where to find the folder, 1Password 4 for Windows won't allow you to open the folder unless it still has an .agilekeychain or .opvault extension.

    Assuming you want to continue using the vault on both platforms, that's an important consideration. On the other hand, the beta app still doesn't write out any changes you make, so the "sync" is only one-directional: Each time you launch the beta app, it re-reads the sync folder to get the latest version of your 1Password data.

  • Dropbox introduced a similar feature some time ago; we are investigating how much value it brings to 1Password.

  • DBrown (1Password Alumni)
    edited January 2016

    UPDATE:

    I've discovered that it doesn't matter whether your OP Vault–format vault folder has a .opvault extension, and it doesn't matter whether your Agile Keychain–format vault folder has a .agilekeychain extension: Either format can use either of those two extensions, but your vault folder must have one or the other of those two extensions if you want 1Password 4 for Windows to open and use them.

  • I'd like to focus on Boxcryptor's nice feature of encrypting even the file names, as @paradonym had been talking about. Even if it may be true that 1Password files are themselves encrypted and, more or less, uncrackable, the advantage of using Boxcryptor (paid license!) is that even the file names are changed to Asian characters, so nobody is even able to guess that there are 1Password files stored in Dropbox.

    On my Mac, the local Dropbox folder is accessed through Boxcryptor, and on my iOS devices the same way, but logging into Dropbox externally proves that the 1Password file names are written in clear Latin letters. Why?

    I am sure that users being interested in security and privacy are the ones purchasing 1Password, Boxcryptor, etc., and would deeply appreciate the forgoing taking place.

  • Hello @Marcellus,

    Does Boxcryptor work on file bundles, or does it only work on individual files? If it works only on individual files, then that could be an issue, as both an Agile Keychain and an OPVault are file bundles: folders treated in a specific way by OS X. I can't comment, as I've never used or even heard of Boxcryptor before. I couldn't find anything from a quick scan of their site except for this particular comment about filename encryption:

    "As filename encryption obfuscates filenames, it might cause difficulties when using Boxcryptor that otherwise do not occur. You should only activate this feature if encrypted filenames are a hard requirement for your use case. If you do not need encrypted filenames for your security requirements, it is recommended not to enable filename encryption in order to have the best user experience."

    If the idea is 1Password reads and writes to a Boxcryptor folder and is meant to be unaware of Boxcryptor then it might be Boxcryptor are in a better place to explain why you're seeing what you're seeing.

    I would say though, I would imagine this feature plays havoc with Dropbox's conflict resolution unless I was informed otherwise and we do make use of Dropbox's conflict resolution. If it were me I'd want to know a lot more before I used such a feature as it seems like it could cause a bit of chaos.

    It may be somebody else on the team knows more about this application but I've not heard it mentioned before so we may be in the dark as to how well it interacts with Dropbox and 1Password.

  • Hello @littlebobbytables

    Thank you for your quick response.

    As far as I have learned and experienced using Boxcryptor's file encryption, I have never run into any problems with the encrypted file names. More than this, Boxcryptor (at least in the German version of their homepage) recommends the premium license pack with the advantage of file name encryption.

    Anyway, it's a good idea to ask the Boxcryptor team the same question, which I will do soon. If you like, I'll get back to you on this topic.

  • DBrown (1Password Alumni)

    Yes, please, @Marcellus! That'd be very helpful and quite possibly informative to any other folks considering using such a product.

    I would think that any modification of filenames at the OS level might quickly make a mess of your 1Password sync folder.

  • Hi @DBrown

    I submitted a request to Boxcryptor already. As we are having Carnival this weekend in Germany, lasting until Tuesday, I do not expect Boxcryptor's reply earlier than Tuesday.

  • DBrown (1Password Alumni)

    No problem, @Marcellus. Just let us know what you find out. Thanks!

  • jpgoldberg (Agile Customer Care Team Member)

    I'm going to chime in about just one point:

    > Sometimes I guess it's a bit more secure to hide a keychain in a misleading folder name called "website backup" or so

    It might seem that way, but it actually doesn't offer any meaningful security. A serious attacker is barely going to blink at such a small attempt at obfuscation, while a non-serious attacker isn't of any concern.

    In general, good security design follows what is called Kerckhoffs' Principle. There are many ways to state Kerckhoffs' Principle. One of which might be:

    1. The only secret should be in the key [Master Password in our case]
    2. Always design systems with the assumption that your opponent knows as much about your system as you do
    3. Security by obscurity is no security

    If you have a real need to conceal the fact that you have encrypted data and this need is separate from keeping that data hard to decrypt (for example, you live in a place in which using strong encryption tools is forbidden) then obviously I am not going to advise anyone to break the law.

    Proceeding hypothetically, in such circumstances you would need a steganographic tool which is specifically designed for concealing the presence of certain kinds of data. Note that there are a lot of cryptographic tools that offer a "hidden" or "stealth" mode that are not safe steganographic tools. Even some well respected encryption tools pretend to offer steganography that actually sucks. (And bad add-on steganography gets people killed.)

    But again, steganography is only useful if you have a strong reason to require concealing that you have such data itself, irrespective of keeping the contents of the data secret.

  • jpgoldberg (Agile Customer Care Team Member)

    Let me follow up my previous comment first by thanking @paradonym for their question and for their thoughtfulness about security. It is great that people are thinking about ways that they can improve their security. And it is terrific that people are thinking about metadata (such as file names).

    Metadata matters

    This is one of the reasons why pretty much all entities within 1Password are identified by completely arbitrary UUIDs. In OPVault an attachment to an item will have a file name like 2480788563744AC4AB8E0C87BE0492DE_056B45C1E43647A5AF61D160C1DD1973.attachment. From that file name, you can learn that it is an attachment to item 2480788563744AC4AB8E0C87BE0492DE, and by looking at the file itself you can get its length and when it was created. But unless you have the Master Password for the vault that the item is in, you will not learn what type of file was attached nor what the filename was.

    We are always looking for ways to reduce the amount of "useful" metadata we hold or an attacker can get at if they get a hold of your 1Password data. It may be a long time before the technology is such that we can conceal things like file size or the number of items you have in a vault. It may even be the case that it is impossible to eliminate all metadata. But as we move forward we look for more ways to bring more data (meta or otherwise) under the protection of privacy maintaining tools.

    The existence of 1Password data is metadata

    The existence of data is metadata that reveals some information about you. And so one may have perfectly legitimate reasons for wishing to conceal the existence of 1Password data. In my rejection of obfuscation above, I didn't want to suggest that there could never be a good reason to wish to conceal the existence of 1Password data. Perhaps you share a household with someone who works for one of our competitors and it would be embarrassing for you to admit that you use a superior product. :-) Whatever your reasons, they are yours.

    This is where I get to introduce some more terminology. I will use "secrecy of data" to mean that the information contained in the data is not revealed to an attacker. That is, good encryption provides for data secrecy. But encryption does not conceal (nor does it attempt to) the existence of the data. My point there was that if your goal is data secrecy, then (poorly) concealing the existence of the data is not a good move.

    If, on the other hand, you have reasons independent of data secrecy to conceal the existence of data, then there are other steps that you need to take. The task then is one of steganography instead of encryption.

    Use well-designed tools

    Just as bad encryption is often more dangerous than no encryption, bad steganography can be more dangerous than no steganography. This is why I reacted a bit harshly to @paradonym's perfectly reasonable query.

    Good steganography is hard. Bad steganography can be dangerous. So we would only wish to support steganography if we would do it well. It is better for us to make it clear that someone who gets hold of your disk will know that you use 1Password than to falsely suggest otherwise.

    In summary

    1. Concealing the existence of data should be done when that is a goal in its own right, separate from preserving data secrecy.
    2. Concealing the existence of data is hard to do right, but shouldn't be done half way.
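
The attachment-naming point above can be made concrete: everything an attacker holding only a directory listing of an OPVault learns is the item UUID, the attachment UUID and the file size. The following script is an added example written for this page, not AgileBits code; it assumes only the name shape quoted in the post (`<ITEM UUID>_<ATTACHMENT UUID>.attachment`, 32 upper-case hex characters each) and runs over a constructed listing, not real vault data.

```python
import re
from collections import defaultdict

# Name shape quoted in the post above: <ITEM UUID>_<ATTACHMENT UUID>.attachment.
# Assumption: both UUIDs are 32 upper-case hex characters, as in the quoted example.
ATTACHMENT_RE = re.compile(r"^([0-9A-F]{32})_([0-9A-F]{32})\.attachment$")


def parse_attachment_name(name):
    """Return (item_uuid, attachment_uuid) for a well-formed attachment file
    name, or None for any other file. Nothing else is recoverable from the
    name: the original filename and content type stay under the Master Password."""
    m = ATTACHMENT_RE.match(name)
    if not m:
        return None
    return m.group(1), m.group(2)


def summarize_attachments(listing):
    """listing: iterable of (file_name, size_in_bytes) pairs, i.e. what someone
    with only the directory listing sees. Returns {item_uuid: [(attachment_uuid,
    size), ...]}: the full extent of the metadata leaked by the file names."""
    per_item = defaultdict(list)
    for name, size in listing:
        parsed = parse_attachment_name(name)
        if parsed is None:
            continue  # not an attachment file; ignore it
        item_uuid, att_uuid = parsed
        per_item[item_uuid].append((att_uuid, size))
    return dict(per_item)


def item_totals(listing):
    """Per-item attachment count and total bytes, the coarse facts an observer
    could correlate against other knowledge about the vault owner."""
    return {
        item: (len(atts), sum(size for _, size in atts))
        for item, atts in summarize_attachments(listing).items()
    }


# Constructed sample listing (not real vault data): the one name quoted in the
# post, a second attachment on the same item, one attachment on another item,
# and a non-attachment file that must be ignored.
SAMPLE_LISTING = [
    ("2480788563744AC4AB8E0C87BE0492DE_056B45C1E43647A5AF61D160C1DD1973.attachment", 18432),
    ("2480788563744AC4AB8E0C87BE0492DE_9C0E2D6B1F8A4E32B1C4D7F0A5E6B7C8.attachment", 1204224),
    ("7E1F0A9B2C3D4E5F6A7B8C9D0E1F2A3B_ABCDEF0123456789ABCDEF0123456789.attachment", 2048),
    ("profile.js", 512),  # hypothetical non-attachment entry, present only to be skipped
]

if __name__ == "__main__":
    for item, (count, total) in item_totals(SAMPLE_LISTING).items():
        print(f"item {item}: {count} attachment(s), {total} bytes total")
```

Running it over the sample listing groups two attachments under the quoted item and one under the second item; the point is that this grouping and the byte counts are all the listing gives away, which is what the post means by "useful" metadata being limited to UUIDs, sizes and timestamps.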
  • Getting back to Boxcryptor, @DBrown ...

    I had a one-hour conversation with their Head of Support, figuring out what follows:

    Using Boxcryptor on a MacBook (probably on a PC as well), there is no problem accessing the vault through Boxcryptor. By this, the vault is encrypted locally before being uploaded to Dropbox. So far, so good.

    By the time you start 1Password on an iOS device the vault is synced instantly. Of course, this has to be done in order to provide the same passwords on any device at real time. This is what synching is for.

    Even if the user, most likely, has installed the Boxcryptor app on his or her iOS device, on such a device 1Password is not running through Boxcryptor. According to the Head of Support, Apple has set up limitations to prevent one app from using another, which might otherwise be advantageous. This means that by the time iOS is syncing 1Password via Dropbox, everything that had been encrypted on the MacBook is immediately decrypted and, after that, can be seen decrypted in Dropbox via any browser, thanks to instant syncing.

    Boxcryptor claimed to be interested in contacting AgileBits in order to figure out a solution for iOS devices. If there is a way to exchange private messages, I can send you the contact data of the person I'd been talking to.

  • @Marcellus please ask the Boxcryptor guys to use [email protected] should they want to get in touch with us. It's not about iOS only; we also have Android, Windows and Windows RT apps to consider.

  • DBrown (1Password Alumni)

    Thanks so much for the feedback and assistance, @Marcellus!

  • Marcellus
    edited February 2016

    You're welcome, @DBrown

    Maybe you like the additional conversation with @bwoodruff:

    @Marcellus,

    If I follow correctly, that statement is incorrect. 1Password's data is encrypted before leaving your computer. Your vault is never sent to Dropbox unencrypted. Boxcryptor doesn't change this.

    Ben

    .

    @bwoodruff

    To be precise: Whatever file is stored locally will be encrypted by Boxcryptor locally before being uploaded to Dropbox. In this case it doesn't matter whether the original file is already encrypted, like 1Password's vault, or not. The decryption when syncing with iOS is limited to Boxcryptor's encryption. The vault's encryption itself is not affected.

    In other words: With Boxcryptor from your Mac OS you get double encryption, which is reduced to single encryption once synced with iOS.

    In this respect: Boxcryptor indeed does not change the 1Password encryption. Pardon me for being misunderstood.

    Marcellus

    .

    Gotcha. Thanks for the clarification, Marcellus. :)

    Ben

  • DBrown (1Password Alumni)

    Yes, thank you for that follow-up, @Marcellus.
