Estate plan crafted around cracking master password

A warning that this is a fairly non-traditional request that I do not expect any kind of official support or endorsement for what I'm attempting.

While I'm alive, I don't want any kind of enemy or state action to even possibly compromise my security, so I'm opposed to printing out or writing down my master password even in a safety deposit box.

However, upon my death, I would like things ready for an executor to use files available to begin a cracking process that may not gain them entry for several weeks or months. Provided they have the secret key and my master password is crackable in the desired amount of time, what information from 1Password10.sqlite (the new format) is required to facilitate this? I'm comfortable extracting information from the sqlite database and running it through hashcat or john the ripper. None of the tools available now seem to be able to operate on the new format.

Further, it would be ideal if the encryption keys were separated from the data, including my e-mail address, so that if my executor needed to crowdsource the action or enlist others to assist in some way, those others would be able to provide him with the cracked master password without knowing precisely which account it goes to so that only he can log in.

How much of the above is feasible? Is the data now in the keysets table? Can someone provide an example of converting a query from the Windows sqlite into a hashcat command?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • AGKyle
    AGKyle
    1Password Alumni

    Hi @Lucent

    I don't want any kind of enemy or state action to even possibly compromise my security

    Do you believe you would actually be a target for this kind of attack?

    I think most people that are have teams of people in charge of their security and could probably better enact some sort of policy on your questions. Only you'd know if you were a target though, just know that in general, the average person is not going to be a target.

    Depending on where you live it may be as simple as asking you for your Master Password in an official court order.

    So you may simply be making this more difficult for yourself, rather than a state actor.

    Provided they have the secret key and my master password is crackable in the desired amount of time, what information from 1Password10.sqlite (the new format) is required to facilitate this?

    As far as I am aware there is no off the shelf solution for attempting to crack 1Password.com account data. There's nothing we're doing that's overly special here, and many cracking tools will work, just that the various cracking tools out there have not made the updates to their software to make it easier. So you'd either have to find a way to do this yourself, or wait for them to provide such a feature.

    Further, it would be ideal if the encryption keys were separated from the data, including my e-mail address, so that if my executor needed to crowdsource the action or enlist others to assist in some way, those others would be able to provide him with the cracked master password without knowing precisely which account it goes to so that only he can log in.

    How much of the above is feasible? Is the data now in the keysets table? Can someone provide an example of converting a query from the Windows sqlite into a hashcat command?

    That seems reasonable, but as you guessed we aren't able to provide technical support for this type of request. It just gets to be too technical and fiddly.

    If this is something you insist on doing, you'll probably need to hire or consult with an expert in the field to properly guide you. I'm afraid we can't recommend anyone for this either.

    But yes, what you're asking is possible. But it isn't going to be easy for us to help you with this.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    This is a fun sort of mental exercise, but I expect that you are asking too much of your executors. Most of the lawyers I know still prefer signatures sent by FAX over digital signatures, so I feel that the education needed for your executors is going to be more than you want.

    But because I like thinking about such things under the (false) assumption of willing and capable executors, I have thought about such things. I believe that you can make things a bit simpler by adding another layer of abstraction.

    Slow cracking approach

    I don't really think that this is a good approach (as explained later), but there are simpler ways to approach it than your outline

    You don't want to rely on the details of the local sqlite files as we may change that format at any time, and they may be tuned differently for different clients.

    A simpler and more robust mechanism would be for you to keep a strong MP for your regular use, but encrypt a copy of your MP and secret key in something crackable. Then your 1Password data (including keyset) is stored separately from the encrypted document with MP and SK. So you still have the putting parts together. So you could put your Secret Key and MP into a file that you encrypted with something like GnuPG. It is that file that you encrypt with a crackable password.

    Time v Money

    Keep in mind that what might take months to crack on a high end home computer may just take hours on a specially built one. You can pay people with such rigs to do cracking for you. So you do not have control over the time it takes to crack; you only have control over the computational effort. You will also have to readjust things every couple of years as machines get more powerful. So I really don't think you can really get the approach you are looking at to have the security properties you are aiming for.

    Threshold Secret Sharing

    A better approach is to use something like Shamir Secret Sharing. Again, you encrypt your MP and SK, but here you are encrypting with a key that is a solution to a polynomial over a finite field. This way you can "share" that key with n people but it would take k out of n people working together to be able to decrypt the data. I don't know if there is usable software for doing this out there, but look for "Shamir Secret Sharing" or "Threshold Encryption."

  • Goldfinger
    Goldfinger
    Community Member

    its simpler for me. I dont write it down anywhere. But my wife has portion of it and another (trusted) person has the other half.
    Its in their onepassword notes sections. I put it there myself. its not Shamir Secret sharing but it seems risk appropriate for me.
    when i kick the bucket, the notes part tells them to collaborate with each other to get the whole thing.
    I dont consider the state level threat, but i guess that could cover that too. or 2 separate court orders etc. and one lives in a different country too.
    Any suggestions against my method?

  • I don't see anything wrong with that, @Goldfinger. Definitely a simpler approach and something I could see my former colleagues at the law firms I've worked at being able to handle far better than having to crack anything. To kind of pile on to Jeff's earlier note about the technical prowess of the legal field, I remember putting together a PDF portfolio of trial exhibits once and having the attorneys working that case think I was some kind of wizard. It's a field that's just a bit slow to adopt new tech and even moreso at smaller firms that don't necessarily have the big budgets needed for a dedicated IT team.

    For what it might be worth, I'm in a position where I can't share my Master Password. As such, I've given my folks and my partner access to the e-mail account I use for my personal 1Password account. I don't use this e-mail address for anything else. This allows any of them to recover my account so they can access it if something happens to me, but it also gives me the opportunity to put a stop to that process should they try to do so when I'm alive and well. It would still be totally possible for them to recover my account without me noticing. Say, while I'm traveling abroad and don't have internet access 24/7 as I do in my home country. But, it's adequate protection for me and allows me to provide access to that data in an emergency without needing to reveal my Master Password. Perhaps nothing of interest for your use-case, but just one more bit of evidence that we all have our own ways of managing these things that best fit our needs. :chuffed:

  • Lucent
    Lucent
    Community Member

    Happy to see the serious discussion around a fringe idea from so many security-knowledgeable people. Shamir's shared secret seems like the best solution to this so far. Just a matter of finding the right people in the right countries.

    One of my fantasy situations that is mathematically infeasible is some kind of tamper-evident, proprietary box that does nothing but spit out public keys every day that correspond to private keys that'll be released 1 week, 1 month, and 1 year from now.

    Related, and I can't imagine this being possible, is there any cryptographic rather than central server-related way of having a designated recoverer be forced to wait a time period before getting access? Other than time-verified cracking, which as pointed out is dependent on hardware, I can't see it working.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    A physical secure device with an internal tamper-proof clock is the only way that anyone knows how to deal with. Back in the days when bank vaults were really used (now they are mostly for show or for safe deposit boxes), they had time locks. I don't know how secure those actually were, as they were a layer among other security measures (alarms, and actual vault key and combination).

    Half a century ago, there were proposed schemes like yours that today would be called "proof of work" that were suggested for delayed decryption. But that was before there were such wide variety in the availability of computing power became apparent. So I think that it is going to have to be a physical device with an internal clock.

    What I could imagine is that there be an external way on such a device to start the count-down. So something like secret sharing could be done to get a code that starts the clock. Once the clock is started it runs for, say, 500 hours and then unlocks another lock. After that, you could again require multiple key holders to act to open the box after that.

    So such a scheme (and hardware) would require, in order

    1. Cooperation among some set of individuals
    2. Forced wait for some amount of time, perhaps weeks.
    3. Cooperation among some set of individuals (not necessarily the same set)

    I would be surprised if some safe manufacturer hasn't attempted to build such a thing. But keep in mind that the forced waiting period can't really be longer than the amount of time the safe would withstand other physical attacks unless other mechanisms are in place to (like guards or visibility) to prevent persistent physical attacks.

This discussion has been closed.