So back a few months ago, I came onto the forums here asking for a lot more deep technical details about how 1Password works. I'd read the Teams white paper, I'd played with some of the underlying data a little, but I was still confused.
I was able to get a lot of great answers here in the forums, but I also saw a few people asking similar questions. And while, again, the engineers here have been great about answering those questions, you really had to skip around to find the answers. Sometimes a solid answer never really materializes (in particular I'm thinking about "test vectors," which are vital to have but a pain in the neck to generate).
So as I dug deeper, and built my own tools to convince myself that I really did understand what was going on, I slowly moved into Phase 2 of my typical "how does this work" obsession/process: Give a talk. I gave a short talk at a local hacker community (shout-out to NoVAHackers!) that was well received. Then I updated the talk, with a nice new metaphor for how vaults work, and gave it internally at work. Finally, last weekend I presented the talk at BSides Delaware, a small local security conference in, you guessed it, Delaware.
Along with the presentation, I published a multi-part blog series on how all these things work and interoperate. I've got sections on 2SKD and unlocking macOS clients, EMK and Windows clients, how vaults work, how local vaults change things (the older OPVault format), and finally a catch-all for lots of the little things I didn't really talk about. Wrap them up with an introductory bit and a "start-to-finish" walkthrough (the whole process from Master Password to decrypted vault item) and you've got a series.
Also included are the slides from my talk, and a GitHub repository with (really rough) tools / functions to play with the 1Password data, as well as a tool to generate those elusive test vectors. So you don't need to play with your actual live password data while you're building a tool to decrypt Team Vaults.
I'd been a little uncertain about posting it here (partially because I didn't want to come off too brashly tooting my own horn, and partially because I was a little hesitant about response from AgileBits, and whether I might've messed anything up...) But an encouraging tweet from Rick Fillion convinced me otherwise (Thanks!)
So you can find the whole blog series, with links to the talk and the GitHub repository, here: https://darthnull.org/series/1password/ . Start with the first entry ("Getting under the hood") and just read forward from there. Warning: They're a little dense at times, partially because one of my goals was for people to be able to use this as a reference when building and debugging their own tools... But hopefully it'll be interesting, for anyone who's curious how it works, as an alternative viewpoint to the (excellent) Teams Whitepaper. And ideally, it'll help at least a few people who are trying to go deeper with their own tools, too.
And, again, thanks to everyone who's answered my crazy questions here! Your help and the company's openness were vital to me making sense of everything, and are a big reason why I've enthusiastically recommended 1Password for, like, nearly a decade.