Syncing is performed via Dropbox

Hello,

Today I bought my third 1Password product/licence. I am nowadays using 1P for Windows 7 and iPad. After the first steps I wanted to sync my backups from my Windows machine with my iPad, but I got the following error:
Failed to restore, incorrect backup file. The file header does not start with 'SQLite format'

On Windows I don't have the possibility to sync over Wi-Fi with the security code like on a Mac, so I tried it this way without success.

I must admit that I am not willing to use any online hoster like Dropbox for my 1P files!

Am I really not able to sync on Windows machines without leaving my data on the WWW?

martinez

Comments

  • khad Social Choreographer

    Team Member
    edited April 2011
    Welcome to the forums, Martinez!

    At this time, 1Password for Windows syncs with our other 1Password products via Dropbox.

    Please keep in mind that your secrets in your 1Password data are safe wherever they are stored. Although we don’t recommend making your 1Password database publicly available to the world, we have designed it so that your username and password data (along with other secret data stored within it) is protected no matter whose hands they fall into. For this and other reasons we are very confident when we recommend cloud syncing of 1Password data with Dropbox.

    Our "Security of storing 1Password data in the Cloud" document goes into greater technical detail regarding why we at Agile all use Dropbox syncing for our securely encrypted data every day. I would encourage you to read the entire document before dismissing Dropbox syncing outright. All 1Password encryption and decryption is done on your own device or computer. Neither Dropbox nor anyone who would ever have access to Dropbox can decrypt your data file without your master password.

    Only you can decide what is right for you, but if you have any other questions or concerns, please let us know.

    We are always here to help!
  • Hello khad,

    Thank you for your link.
    I am concerned about the fact that if someone can get access to Dropbox, you a) will not know that and b) the attacker would have enough time to crack my password.
    Maybe you know what I am thinking now? The most recent example:
    http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
    Or what happens if 1Password itself has a bug that allows the attacker to open the 1P backup files?

    The more popular Dropbox is, the more people will try to get at the files on it. And Dropbox is vulnerable :unsure:

    I can't use any TrueCrypt container file to protect my files on Dropbox, because 1P wouldn't be able to recognize it.

    Is there no other way on a Windows machine to transfer (just one time) my Windows 1P data onto my iPad?
  • khad Social Choreographer

    Team Member
    edited April 2011
    Thanks for your continued interest in this, Martinez. It is always good to be thinking about these things.

    I am concerned about the fact that if someone can get access to Dropbox, you a) will not know that and b) the attacker would have enough time to crack my password.

    This is discussed in the aforelinked "Security of storing 1Password data in the Cloud" document. Please read the "Key strengthening" section under "Agile keychain security."

    Also, from the National Institute of Standards and Technology via our "Agile Keychain Design" document:

    In the late 1990s, specialized “DES Cracker” machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

    Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), it would take that machine approximately 149 thousand billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be fewer than 15 billion years old.

    1Password uses 128-bit AES.

    Maybe you know what I am thinking now? The most recent example:
    http://dereknewton.c...tatic-host-ids/

    This has been discussed quite a bit, as you can imagine, here in our forums, in a recent post on our blog, and — if you haven't detected a pattern yet :-) — in the aforelinked "Security of storing 1Password data in the Cloud" document.

    Or what happens if 1Password itself has a bug that allows the attacker to open the 1P backup files?

    Dropbox syncing does not require your backup files to be located in your Dropbox folder, but the backups are every bit as secure as your data file. They are essentially just compressed copies of your data file protected by the same strong, unique master password (that you have not shared with anyone) which is used to encrypt a 128-bit AES key strengthened by PBKDF2.

    The more popular Dropbox is, the more people will try to get at the files on it. And Dropbox is vulnerable

    Of course Dropbox is vulnerable. Security is a process, not a product. I would argue Dropbox is less vulnerable than other vectors of attack, though. :-)

    I can't use any TrueCrypt container file to protect my files on Dropbox, because 1P wouldn't be able to recognize it.

    There is no need to encrypt everything twice. Your sensitive data is already encrypted by 1Password.

    Is there no other way on a Windows machine to transfer (just one time) my Windows 1P data onto my iPad?

    As I mentioned in my previous post, 1Password for Windows syncs with our other 1Password products via Dropbox. Please feel free to transfer the data you need and then remove your data file from Dropbox, though. Removing your data file from Dropbox will "break" syncing, but will not remove any data already transferred.

    Please let me know if reading the "Security of storing 1Password data in the Cloud" document brings to mind anything else.

    Cheers!
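The two work factors discussed in this thread, as an added example (not code from the original posts or from Agile): exhaustive search of a random 128-bit AES key at the quoted NIST rate, and offline guessing of a master password stretched with PBKDF2, which is what an attacker holding a copied data file would face. HMAC-SHA1 as the PRF, the iteration counts, the entropy estimates, the attacker rate and the salt are all assumptions constructed for illustration; the page states only "PBKDF2" and "128-bit AES".

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_kek(master_password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 16-byte key-encryption key.

    In the design the thread describes, this derived key protects the random
    128-bit AES key. HMAC-SHA1 as the PRF is an assumption of this example.
    """
    return hashlib.pbkdf2_hmac("sha1", master_password, salt, iterations, dklen=16)


def avg_years_random_key(key_bits: int, keys_per_second: float) -> float:
    """Average exhaustive search finds the key after half the key space."""
    return 2 ** (key_bits - 1) / keys_per_second / SECONDS_PER_YEAR


def avg_years_password(entropy_bits: int, iterations: int, prf_per_second: float) -> float:
    """Average offline guessing time against the PBKDF2-protected password.

    Each guess costs `iterations` PRF calls, so raising the iteration count
    scales the time linearly; password entropy scales it exponentially.
    """
    guesses = 2 ** (entropy_bits - 1)
    return guesses * iterations / prf_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # NIST figure quoted in the thread: 2^55 keys/second against AES-128.
    print(f"AES-128 key:           {avg_years_random_key(128, 2**55):.3e} years")

    # Constructed scenarios: iteration counts, entropy estimates and the
    # rate (1e9 PRF calls/second) are illustrative assumptions.
    for label, bits in [("weak, ~28 bits", 28), ("passphrase, ~64 bits", 64)]:
        for iterations in (1_000, 100_000):
            years = avg_years_password(bits, iterations, 1e9)
            print(f"{label:22s} iterations={iterations:>7}: {years:.3e} years")

    # Deterministic derivation: same password + salt + count -> same key.
    salt = b"constructed-salt"  # sample value, not a real data-file salt
    print(derive_kek(b"correct horse", salt, 100_000).hex())
```

The first figure reproduces the roughly 149 trillion years from the NIST quote; the password rows show that a data file stored with a third party is only as strong as the master password and the iteration count protecting it.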
This discussion has been closed.