How does the 1Password Website know what the correct Account Key is?

Hi,

New user here. Just hoping to get more details on the account key and master password. I've searched the forums already and have not been able to get an adequate answer.

  1. If the account key is only stored locally, then how come when I log in on the website the website knows whether I'm using the correct or incorrect key?
  2. Same question as above, but about the master password.
  3. What is the benefit of storing my vault on dropbox? If accessing the dropbox vault, how will it know if my account key and master password are correct?

Thanks,


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • The Master Password and the Account Key are used only for encrypting your data. This encryption happens entirely on your computer. So the keys never leave your computer. That should answer your first two questions.

    If you sign up for an account (i.e. the subscription model), you most likely won't be using Dropbox at all. That's primarily for those with a standalone license if they wish to sync between devices. With an account that is all taken care of for you. But the answer is mostly the same with respect to encryption. It all takes place on your computer and your Master Password never leaves your computer. (There is no Account Key in use when syncing with Dropbox.)

  • FrankFrank

    Team Member

    Hi @dniamir - Thank you for asking and @pervel is correct. I will be happy to address your security questions but with our new 1Password Memberships, you don't have to worry about using Dropbox. We take care of all the syncing on out end so you don't have to manage a third party syncing source.

    Our security is very open to make sure everyone knows what we're doing behind the scenes, we wrote a White Paper and published it on our website.

    There are three umbrellas of security with our 1Password Memberships. Before all of them is your Master Password and Account Key. In the standalone version of 1Password, everything is protected by your Master Password and all the security wizardry in the app. But in Teams, the Account Key is used to strengthen things even further. If you have a weak password, it's very unlikely someone will be able to access your data because the Account Key is a 128-bit string of characters that's generated locally when you set up your account. It never leaves your device, and we ask that you print it out to have a copy in case you need it later — you're probably not going to remember the whole thing. ;)

    It’s great to have a Master Password and Account Key protect your data, but they also need to communicate with the server to access your data, so we use three layers to protect things at rest and in transit. The first layer is based on your Master Password and Account key, which are used to derive a secret that is used to securely encrypt all of your data, both at rest and in transit between your devices and our servers. The second layer is based on the Secure Remote Password protocol. It allows your devices and our servers to make sure they are who they say they are. This provides an additional layer of protection against attack. The third and final layer is the standard TLS/SSL protocol. This layer provides a final layer of encryption and also allows your web browser to indicate that you were communicating directly with a 1Password web server. If you'd like to learn more about the security of 1Password, head to https://1password.com/security or you can read more about the Account Key here - https://support.1password.com/account-key-security/

  • Thanks for the responses, Pervel and Frank,

    I'm still confused as to how when I sign in on the website, the website knows that I have entered in the correct master password and account key.

    I have tried entering in an incorrect key and/or incorrect master password on the website. When I do this, the website tells me it is incorrect.

    How can the website know these are incorrect if they are not stored on the website?

  • I think maybe the word "know" is misleading here. The browser simply uses your keys (Master Password and Account Key) to decrypt the data it receives from the server. If they keys are correct, the browser can successfully decrypt the data. If the keys are incorrect, the decryption fails. Thus, it all takes place inside your browser. The keys are not transmitted. Only encrypted data are transmitted.

    Does that make sense?

  • ssorokassoroka 1Password Alumni

    Hey @dniamir,

    @pervel isn't quite right. This is partially true, but if that was the case we wouldn't know that it was specifically your account key that was wrong.

    The full answer is.... We came up with a clever way to know if you have the right account key or not without revealing the key to us when we designed the security of 1Password. The answer is pretty simple: the first 8 characters aren't really part of your account key at all, they're identifiers. The first 2 digits are a key version (in case we ever need to change how the key works, we know which version you're using), and the next 6 digits are a random non-secret identifier. By sharing the identifier with us we know if you are using the right account key, without actually knowing the account key secret. Details can be found in the white paper if you're interested: https://1password.com/files/1Password for Teams White Paper.pdf

  • AGKyleAGKyle AgileSupport

    Team Member

    Hi @dniamir

    Well, this is a tricky one as there are many layers here.

    The first part, if you goto the login page and purposefully provide an invalid Account Key, like "123," it'll happily tell you it's an invalid Account Key because that's not the correct length for starters.

    Then you have to factor in that we know the beginning characters of the Account Key, this is not really "part" of the key, it's just an identifier. For instance, here's a test Account Key I have laying around:

    A3-GWM4R8-A8LS9E-JYKE8-7EQPB-PKLGH-CA7PX

    Our server knows A3-GWM4R8, so if your provided Account Key does not begin with the same identifier we can say as much because we can check the account key identifier. See page 26 of the whitepaper, there's this bit:

    ”accountKeyFormat” : ”A3”,
    ”accountKeyUuid” : ”GWM4R8”

    Using this information we can determine that things are amiss.

    I think this answers your question. But we can dive a little deeper. Lets skip SRP, as I understand that a bit less, but there's also that to consider and we're skipping it here :)

    I'll skip a lot of decryption details because I will undoubtedly mess something important up, but basically as part of the decryption process there are things called Message Authentication Codes, or in our case Hash-based Message Authentication Codes (HMAC). The idea is that you can compare the decrypted cipher text to an authenticated hash to determine if the decryption succeeded. If the hash is the same, decryption succeeded, if the hash is different, decryption failed.

    We use PBKDF2-HMAC-SHA256. There are others as well, but this is what we use.

    Your Account Key and Master Password generate a Master Unlock Key (and in reference to the above SRP mention, it also generates an SRP-x) and then we can use HMAC to determine if decryption succeeded. If you want some additional details it's discussed around page 21 and on in the white paper.

    So there are many ways we can determine things without storing them on the server :) Hope that helps!

  • dniamirdniamir
    edited March 2017

    Thanks all for the answers, again. Ssoroka and AGKyle, your answers were particularly helpful.

    I read a lot of answers in other forum posts, and none of them have said it that way. I think the key bit of information is that the Account Key is a map or decoder used to match your master password.

    My next question is, where is the algorithm used in the mapping/decoding located? Is that stored locally, or on the server?

    Couldn't a hacker also obtain this algorithm just as easily as hacking a password?

  • AGKyleAGKyle AgileSupport

    Team Member
    edited March 2017

    Hi @dniamir

    Algorithms are not secret. The thing that is secret are your Account Key and Master Password. To decrypt your data you must have both of those. An attacker has to guess them, or obtain them from you directly.

    I also wouldn't say that the Account Key is a map or decoder that matches anything. It's a parameter in math terms, and they go into a function to get an output:

    You have an account key: A3-GWM4R8-A8LS9E-JYKE8-7EQPB-PKLGH-CA7PX
    You have a master password: larboard-dogfight-endanger-wainscot-ignominy-plan
    You have a function that converts this into something usable

    Technically we have several functions and they're used for different things but if we simplify dramatically:

    decryptionKey = deriveEncryptionKey("larboard-dogfight-endanger-wainscot-ignominy-plan", "A3-GWM4R8-A8LS9E-JYKE8-7EQPB-PKLGH-CA7PX")

    This function takes two parameters, your Account Key and your Master Password. It does a bunch of things that are probably difficult to talk about here. What it spits out is your decryptionKey. Every variation of a different Master Password and Account Key will spit out a different decryption key. The only key that can decrypt your data is the one that came from your Account Key and your Master Password.

    The algorithm that does this is not secret, it can't be. Creating your own algorithm for encryption is generally a bad idea, instead applications like 1Password rely on using proven encryption algorithms that have been vetted and tested and have gone through a lot of scrutiny. This is how an algorithm is deemed safe to use, if it can stand up to that. This often takes many years. So, if someone came up with a new encryption algorithm today, it likely wouldn't be used in any meaningful way for years, and only then if it has proven itself mathematically to be secure.

    The secret parts that an attacker must know are the Master Password and Account Key, because they're both used to obtain the decryption key (and the SRP-x used to talk to our server).

    Using a strong Master Password and an Account Key means that an attacker would have to guess both, guessing your Master Password might be easy, if it were something like 'a' but if it's the one I used above: larboard-dogfight-endanger-wainscot-ignominy-plan, it would take a lot longer. Combine this with the Account Key and it pushes the time it takes to guess them both to impossible. This means that an attacker either has to get the Master Password and Account Key directly from you (either by asking you, or by obtaining them from your computer) or give up.

    I hope that helps make some more sense of things. This is all quite simplified and there's a lot more going on under the hood, but I tried to keep it as basic as I could to make talking about it easier.

This discussion has been closed.