Could there be a backdoor?

Okay, my three premises:

1) 1-Password is in the business to make a profit.

2) 1-Password makes a profit by convincing users their master password is unknowable to anyone but the user.

3) If 1-Password is very successful, the value of the accounts protected by master passwords could well exceed the value of the company, and thus the most profit might come from selling the company to the highest bidder who may want to rewrite the code to secure the master passwords.


Can someone correct my thinking that 1-Password is only as secure as those who control the code want it to be? Even if 1-Password was secretly run by nefarious Romanian identity thieves, they would want to write a very, very good program so to give people the confidence to rely entirely on the security of one password. But any time I enter my 1-password I have no way of knowing whether a bad guy hasn't rewritten the code to copy what I'm typing.

I've wondered...who would I trust to control the 1-password code? The government? No way. My sister? Sure, but my sister can't buy 1-password. My church? Sure, but again, my church can't buy 1-password. How about the Nation of Islam? No. The Pope? Sure. The Mormon Church? Maybe. We'd all have different answers and we'd subscribe to the group we trust.

Anyway, the point of this exercise is to ask whether there is any way to verify that 1-Password is more secure than the person(s) who control the code.

Comments

  • tatchley
    edited December 2012
    So you are worried that the Agile Team has nefarious purposes and is secretly harvesting our Master Passwords through some obscure line of code? Even with that knowledge it would be useless without our actual .agilekeychain file. If you think that they are transmitting that too, then you are paranoid. After all, some trust is needed in any relationship for that relationship to work properly. And, even though they "control the code" as you say, that does not mean that, given any keychain file, they can decrypt it within a reasonable amount of time. They would be as ignorant as any other thief, and only subject to the processing power of their computer(s). The file is still encrypted and that does not change even though they know how it is encrypted. If that were the case, then everything would be, as you point out, only relatively safe, subject to the creator of the method being used. As another example, AES, if I remember correctly, is the encryption standard of the United States Government and many other groups, yet it was created in the U.S. This is for the same reason I described above.

    That is how I see it. From here, I will let someone more knowledgeable like Jeff give you a full-fledged response.
  • khad Social Choreographer

    Team Member
    Welcome to the forums, jdouglasj! Thanks for taking the time to contact us. It is great that you are thinking about these things.

    While our Agile Keychain Design document doesn't directly address the question of whether or not there is a backdoor in 1Password, it does show that we are as open as possible about our data formats, which are fully available for inspection:

    http://help.agile.ws/1Password/agile_keychain_design.html

    However, that is only part of an answer. There are, in fact, two parts to the question. One is about a backdoor which someone at AgileBits would maliciously put in the code; the other is about a third party supplying you with a modified version of 1Password. For the latter, we use Apple's codesigning system and also have our updater verify each download against a digital signature. I can give you more detail about those if you wish, but I suspect that you are more interested to know that we are not the bad guys ourselves.

    The simple truth is that you can never be absolutely certain that there is no backdoor. There isn't one, but if we were to do something so evil as to put in a backdoor, we would certainly be willing to lie about it. So you can't simply take our word for it. Nonetheless, there are things that I can point to which are strong indicators that there is no backdoor. I know that we at Agile are all good people, but simply stating that does not prove it. Therefore, let me point to reasons that go beyond reliance on our virtue.

    It would be incredibly foolish of us from a business perspective to put in a backdoor. The trust that we have from our customers is our livelihood. There are very sophisticated security researchers out there scrutinizing 1Password for security flaws. If they were to discover a backdoor, our reputation and business would come to an end. Consider the effort that has gone into developing 1Password over the years. Our business is about providing a quality product and support. If we were seeking credit card numbers and online banking credentials, we would be conducting our business differently. These are some great reasons to avoid low-cost password managers from fly-by-night companies who don't offer a lot of detail about their formats and methods.

    We have never had any government pressure to put in a backdoor. We are a Canadian company, and we have an international staff. If one government were to try to pressure us, we could easily relocate the business to another jurisdiction.

    Lots of people within AgileBits have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it. At the same time, only a few people have the ability to sign the code that gets distributed, so all changes do get reviewed.

    We can't be as fully open as an open source project, but within the constraints of our business we try to be as open as possible. With our Chrome extension, where more code is written in JavaScript, that source is available for inspection (although parts of it are obfuscated).

    For network operations, you can monitor all network traffic coming from 1Password and its components. You will only find three cases where 1Password opens a network connection.

    1. For WiFi syncing (if you use it) 1Password 3 for Mac will pick up host information over Bonjour and then open up a connection on the local network to 1Password on an iPhone, iPad, or iPod Touch but only when you have set things up for Wi-Fi syncing.

    2. Our updater will check for new updates, fetch them, and verify their signature. You can disable this if you wish (Preferences > Updates > Automatically check for updates).

    3. Thumbnail previews are retrieved when you create a new Login. 1Password will attempt to create a preview of that page (with no form filling). This can also be disabled (Preferences > Logins > Login Previews).

    All of the encryption and security protocols we use are from well known and well reviewed libraries. This means that it would be harder for us to conceal a backdoor as we just aren't in a position to make subtle changes to the actual encryption algorithms and protocols. Our practice of not "rolling our own" encryption implementation is also an overall security advantage.

    I hope that this goes some way to reassuring you. As I said, we know we are honest, and we want you to know that too. Caution and skepticism are healthy habits, though, especially when it comes to security.

    Please let me know if you would like any clarification of any of these points or if there is anything else I can help with.
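    As an added example (not AgileBits' code), here is the shape of the updater check khad describes above: the client accepts a downloaded package only if its detached signature verifies under a release key pinned in the application, so a package altered in transit or signed by anyone else is refused. The page does not say which scheme 1Password uses; Ed25519 over a SHA-256 digest, the function names and the sample package are all assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadSignature is what the updater reports when a download does not
// verify under the pinned release key; the payload is never returned.
var ErrBadSignature = errors.New("update rejected: signature does not verify under pinned release key")

// SignedUpdate is a constructed stand-in for a downloaded update: the
// package bytes plus a detached signature over their SHA-256 digest.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// NewReleaseKey generates a publisher key pair (assumed scheme: Ed25519).
// The private half stays with the few people allowed to sign releases;
// the public half is compiled into the shipped application.
func NewReleaseKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignRelease is the publisher side (hypothetical release tooling): sign
// the SHA-256 digest of the package with the release private key.
func SignRelease(priv ed25519.PrivateKey, payload []byte) SignedUpdate {
	digest := sha256.Sum256(payload)
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the client side. The only trust anchor is the public key
// pinned in the application; nothing that arrives with the download (a key,
// a hash, a manifest) is trusted on its own. The payload is returned only
// when the signature verifies, so a caller cannot install first and check later.
func VerifyUpdate(pinned ed25519.PublicKey, u SignedUpdate) ([]byte, error) {
	if len(pinned) != ed25519.PublicKeySize || len(u.Signature) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinned, digest[:], u.Signature) {
		return nil, ErrBadSignature
	}
	return u.Payload, nil
}

// Corrupt returns a copy of the update with one payload byte changed and the
// original signature left in place: the constructed negative test case for
// a package altered after signing (on a mirror, in transit, or on disk).
func Corrupt(u SignedUpdate) SignedUpdate {
	altered := append([]byte(nil), u.Payload...)
	altered[0] ^= 0x01
	return SignedUpdate{Payload: altered, Signature: u.Signature}
}

func main() {
	pub, priv := NewReleaseKey()
	// Constructed sample standing in for an update package.
	pkg := []byte("constructed-sample-update-package")
	genuine := SignRelease(priv, pkg)
	if _, err := VerifyUpdate(pub, genuine); err != nil {
		panic(err)
	}
	fmt.Println("genuine package: accepted")
	if _, err := VerifyUpdate(pub, Corrupt(genuine)); err != nil {
		fmt.Println("altered package:", err)
	}
	// A package signed with some other key (a publisher the client does not
	// trust) is rejected the same way, whatever it claims to be.
	_, otherPriv := NewReleaseKey()
	if _, err := VerifyUpdate(pub, SignRelease(otherPriv, pkg)); err != nil {
		fmt.Println("package from unknown signer:", err)
	}
}
```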
  • tatchley,

    So you are worried that the Agile Team has nefarious purposes and is secretly harvesting our Master Passwords through some obscure line of code? Even with that knowledge it would be useless without our actual .agilekeychain file. If you think that they are transmiting that too, then you are paranoid.


    Do you work for Agilebits? Your use of the possessive determiner sounds like you do, but boy, calling an anonymous customer paranoid for asking about the security of a security product doesn't sound like someone that actually works for the company.

    Khad,

    Thank you for the response. It seems highly unlikely that Agilebits is up to anything nefarious, but then again, no successful thieves ever seem like thieves. Bernie Madoff was one of the most trusted independent wealth managers in the country. Bear Stearns was the most respected name on Wall Street. I had a Mint.com account that I shut down because it was just trusting too much information to one source (Mint.com has customers enter all the passwords for all their bank accounts). I think Mint.com is owned by Intuit, which seems a very unlikely thief, but who knows about the individual employees?

    I did appreciate your exhaustive response, but my hope is that you guys are thinking about technical solutions to the question, "How can Agilebits prove to customers that a backdoor is not possible?" You said that in the end you just have to trust the company, but I don't think that's true. For instance, you said that:

    Lots of people within AgileBits have access to the source code which means that if one of us tried to put in a backdoor, others would spot it. So it would not be possible for just one or two people colluding to do it.


    That's a good point, but your customers are still dependent upon a completely in-house security cross-check. You guys aren't a public company and someone could buy you out rather quietly. What if a real cross-check somehow relied on a few independent, unrelated entities outside the company? Each of those entities would have to be satisfied, although none of those entities by themselves would have the keys to the temple, so to speak.

    I imagine some folks at Agilebits are Simon Singh fans (I think I have that author's name right), who loves writing about codemaking and code-breaking. Unlike a government entity, a corporation has the motivation and option to tie its own hands if it chooses. It seems to me that if you guys are the best protection out there, the questions I've posed are the questions all your potential customers are likely to ask.
  • jpgoldberg Agile Customer Care

    Team Member
    Hi jdouglasj,

    You are correct that in principle there is no way for us to absolutely prove that there isn't a back door. Note that the same holds true for the vendors of the operating systems you use.

    If we only released an update once a year or so, it would be feasible to have trusted third parties review the source code and every step from that source to the actual binaries that get distributed. But because we release more frequently, that just isn't feasible. It is enormously expensive and dramatically slows down the release process. And even if we let you examine the source (under an appropriate NDA) it would be difficult to prove that the source that you see is the same source behind the binary that gets distributed.

    The threat of us being bought out by some evil organization is something that you can mitigate. You are never forced to upgrade 1Password (except for when you upgrade to a new OS that older versions of 1Password don't support). Your data is completely under your control. If we were to disappear from the planet tomorrow, you would still have access to your data as it is today.

    Let me add to what Khad said about the business aspect of it: the going rate for stolen usernames and passwords to retail sites is 2 US dollars (if you buy in bulk). This doesn't rule out us stealing things just out of an evil inclination, but there really is no financial incentive to take the enormous risks of that kind of activity.

    I want to reemphasize what Khad said about how many of us have access to the source code. It would take a pretty big conspiracy for us to have a back door, and the likelihood of any secret conspiracy diminishes quickly with the number of people who have to remain silent.

    I'm really happy that people are reading books like Simon Singh's "The Code Book". I love this kind of stuff, and I'm glad that other people do too. (You may wish to follow our blog, where we sometimes have articles about cryptography and security.) In addition to wanting more people to understand and see the beauty of things that we really love, I also think that the more informed people are, the more they will appreciate the design of 1Password.

    I know there isn't a backdoor. I'm not expecting you to take my word for it. But I'm asking that you make your own security choices based on what we've said and what you know.

    Cheers,

    -j
  • I originally came across this thread by accident, but found the question and answers to be interesting and well-considered. In follow-up to khad and jpgoldberg's responses, I was wondering what kind of third party scrutiny (i.e., from Apple) has been applied to 1Password (for iOS or Mac) as part of the App Store vetting process? See, e.g., https://developer.apple.com/appstore/guidelines.html. Would this provide any measure of assurance to someone concerned about the possibility, however unlikely, of backdoors in the code? Thanks!

  • khad Social Choreographer

    Team Member

    I don't believe there is much in the App Store review process that would detect certain backdoors. They may catch some backdoors, but it is not a system I would rely on in that regard.

    Thankfully, there are many more eyeballs from the security community on 1Password than would ever be feasible in the App Store review process. :)

  • Phil382
    edited January 2013

    Thanks, khad. If the external security community is and has been scrutinizing 1Password, it seems to me that displaying endorsements from several of its most prominent members would be a great marketing strategy and would also assuage the understandable concerns that some have. (By the way, for my own part, I am very satisfied with 1Password's security and your assurances above.)

  • dteare Agile Founder

    Team Member

    Hi Phil382,

    You're right, some endorsements from the security community would be great. Without digging into details, suffice it to say that it turns out these guys are very busy. Apparently they don't need the business :)

    Someday I hope to finish a full audit and proudly display some endorsements.

  • Phil382
    edited January 2013

    While this subject is still on my radar, I'll add that the apparent absence of user security complaints over the years speaks volumes and is reassuring in its own right. I have yet to read of anyone ever suffering an actual 1Password security breach or blaming it for a drained bank account.

  • khad Social Choreographer

    Team Member

    To our knowledge that has never happened. Nothing is impossible, but much is improbable. There's a [perhaps not so] fine line between "hubris" and "being prepared." While we are extremely proud of the security of 1Password, we are never resting on our laurels. It is always important to look ahead (and stay ahead) with security.

    You may be interested in some rainy day reading about the new Cloud Keychain design if you find the security of 1Password fascinating:

    1Password 4 Cloud Keychain design

    And of course, if you ever have any questions, you know where to find us! :)

  • MikeMcFarlane Junior Member

    Interesting thread, started by an interesting question.

    I think of it in the way that has been covered in previous blog articles: good security requires convenience (or I won't use it). I don't need to use 1password; there are other options that could be considered more secure, relatively, e.g. keeping all my passwords written down and in a bank vault, or not having my password manager sync via the cloud. But on the balance of apparent probabilities (based on the highly subjective personal viewpoint from reading up, from researching the product, from the quality history of the product, i.e. no serious security issues) I chose to trust 1password, which in turn makes a lot of my other information more secure as it is convenient and easy to access my data on all my devices. It's a choice.

    Sure it would be nice if AgileBits had independent verification or open source code, but we don't have that. What we do have is a very popular product, and I am pretty sure if there was a backdoor or other security issue, it would be all over the internet in a moment.

    Sorry for the very subjective arguments!

  • MikeT Agile Samurai

    Team Member

    Hi Mike,

    No need to apologize, you should never apologize for stating your own opinions and contributing excellent thoughts in the discussions here. That's what the forum is for, the sharing of ideas, thoughts and feelings among our beloved community.

    Thank you!

  • SpaceAce
    edited February 2013

    Although I do not believe that Agile Bits would risk their business by transferring the master password to their servers, I still do believe it's a very bad idea to store a keychain file in any cloud storage!
    Therefore I'm disappointed that the App Store version (3.9) removed the local Wi-Fi sync option and version 4 for Mac is still not available more than a year after 3.9 ...
    So for now I'm only using the Mac version and still waiting to bring the iPhone and iPad versions into production (already purchased but waiting for a non-cloud sync option).

  • MikeT Agile Samurai

    Team Member
    edited February 2013

    Hi SpaceAce,

    I understand your concerns; we're working on a local USB sync that'll bypass any need to use the cloud. We removed the Wi-Fi sync because it was too unstable to use for many of our customers, even though it worked properly for some. The USB sync will remove most of the Wi-Fi instabilities since it no longer relies on it.

    1Password 4.0 for Mac is in heavy development at the moment but I don't have a timeframe on when it'll be out.

    FYI: There are no master passwords stored anywhere, so there's nothing for us to transfer anywhere. Even if your data file is in the cloud, there's nothing people can do to get into the data file unless they can guess your master password. The way we create your data file requires them to spend centuries with computers to guess it.

    Thank you!

  • SpaceAce
    edited February 2013

    Hi MikeT,

    Even though the master password is not stored anywhere, it could be phished or stolen by a keylogger or similar trojan.
    Even if you have chosen a good encryption mechanism for the keychain file, it's IMHO still bad to let someone lay his hands on the encrypted file to run their tools against it offline with all the time they need. Call me paranoid, but there are file types which I will never store in a cloud service. My keychain file is one of these ;-)

    Any chance to be part of the 4.0 Beta-Test for Mac?

    Cheers,
    SpaceAce

  • MikeT Agile Samurai

    Team Member
    edited February 2013

    Hi SpaceAce,

    There are no 1Password 4 for Mac betas right now, and we don't have any information we can share at the moment. Once we reach that stage of development, we'll announce the details about the beta project just as we did for the 1Password 4 for iOS betas. You'll be able to sign up then.

    As for the trojan, if you did have it, it wouldn't matter if you never had the file in the cloud; they can simply scan for the data file, upload it remotely, and work on it offline, just as they would have to break into either iCloud or Dropbox if they could figure out your Dropbox/Apple ID account information. Be sure to lock down the firewall to ensure this doesn't happen. :)

  • You bet my home is quite some "Fort Knox" (hardware and software firewalls protecting my network and my machines) :)
    While all that you say is true in some way, I still fancy the "least possible risk" approach, avoiding unnecessary opportunities for the bad guys. This includes keeping certain files out of the cloud.

  • khad Social Choreographer

    Team Member

    We're working on USB sync and it should be available soon if you are cloud averse. :)

  • I recently purchased 1Password after trying several other products. I really like it and I want to use it for all my passwords and other sensitive data. But how do I know that the software doesn't, for example, actually collect everyone's login information and send it to a central server for later sale to the highest bidder? I understand this is why many people recommend open-source password managers, but for a cross-platform (OSX, iOS, Windows), 1Password is much more pleasant to use than the open-source tools I tried.

    Have independent audits been done of 1Password? If not, how do people get comfortable with putting all their credentials, plus even the security question answers and social security numbers into a program that they're not really sure what it's doing?

    I really like 1Password and really want to feel comfortable with it. Any input would be appreciated.

  • Hey Agile Bits,

    With all the information coming out about companies giving the NSA backdoors in their software:

    https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html

    As Bruce states in his blog post: the math is good but the code has been subverted.

    My questions to the makers of 1Password:
    1) Have you subverted your code in any way?
    2) Have you ever been approached by the NSA to subvert your code?
    3) Would you be willing to either publish results from an external agency from a full security audit that you've had performed on your software, or be willing to subject your software to an external agency for a full security audit?

    Thank you.

    -Dustin (concerned user)

  • If they have been approached by the NSA it would have been with an NSL attached: Agile Bits would not be able to deny or confirm any contact with NSA (or any of its sibling agencies). They would even have to keep quiet about it to their own legal counsel.

  • Uno_Lavoz
    edited October 2013

    This fucking paranoid thing again? Why don't you SEARCH the forums? It's been discussed to death.

    The short answer is: NO, there is no backdoor. And all users have the option to keep their data on their local disk.

    @Niklas: NSA is American. AgileBits is in Canada. As much as America would like it, their laws and agencies don't apply outside of their borders.

  • khad Social Choreographer

    Team Member

    Great questions, @razorsharp and @RDustinB. It is great that you are thinking about these things. I merged your threads with this existing one.

    As for a backdoor, please see my post #3 above.

    Regarding a security audit, please see Jeff's post #5 above.

    Please also be sure to read our blog posts:

    You have secrets; we don’t. Why our data format is public

    On the NSA, PRISM, and what it means for your 1Password data

    1Password and The Crypto Wars

    Once you've had a chance to review those, please let us know if you have any follow up questions. We're always here to help.

  • @Uno_Lavoz that's the theory and we all thought/hoped it worked like that until we had stuff like Snowden, Kim Dotcom/Megaupload, extra-legal execution of suspects and civilians, Guantanamo.

    No, I don't think anything like that will happen to Agile Bits; I'm not that paranoid. But the argument that shady three-letter agencies from the USA will follow international law and respect the sovereignty of other nations in 2013 is laughable at best and really sad, because they won't. Heck, the UK and USA even spy on their own NATO allies.

  • Spying on other countries is one thing. I'm aware that NSA does that. But they don't force their American "must have a backdoor in all crypto software if we tell you to" laws on small companies in other countries. That's what I meant. There's a difference between spying in secrecy and trying to enforce their laws outside of their borders.

    @khad This is totally unrelated, but could you please ensure that the team has this on their internal bugtracker: http://discussions.agilebits.com/discussion/comment/84500/#Comment_84500 - I posted it exactly one month ago and tried PM'ing two team members to get them to notice the thread. I'm a fellow programmer and that's a free (even for commercial use) fix for an ugly issue in 1Password 4. You're the closest I've been to seeing life from any AgileBits staff recently, so perhaps you could pass this link on and ensure it's on the bugtracker? It would benefit all users (smaller databases due to superior compression, yet far better looking icons that get rid of the current barf quality).

  • Niklas
    edited October 2013

    Agile Bits does software development inside US borders (they have developers working and living in the USA). Just sayin', because Agile Bits said so in their blog post on this very subject.

  • @khad, perfect, I was hoping for some articles that would answer my questions.

    @Uno_Lavoz, I did search the forums for "NSA backdoors" and didn't get the answers I was looking for, hence the reason for my original question. No need to be touchy :)

  • @RDustinB So you searched the forum but still felt your questions deserved making another thread when there was an existing NSA-thread?

  • khad Social Choreographer

    Team Member

    @Uno_Lavoz, I'll pass your request along to the team. :) For the record, though, I assure you every single person at AgileBits has been working overtime lately even if your specific thread didn't get a reply yet. Thanks for your feedback!

    I encourage everyone to please keep this thread on topic.

  • @khad Thanks. I can't even imagine the workload all of you have been through day and night for months now (I've been on software projects and know what it's like, but none with forums/beta testing this active). But I had also tried my best for a whole month to get this free and simple fix noticed, and I was worn out as well. ;) Thank you for passing it on. Now I finally know that it'll be seen by the team.

    Anyway, as for the NSA issue, it's important to note that they have not broken any encryption schemes. The mathematics behind it all is still safe and guarantees that an attacker that manages to get your database still has to crack an incredibly long key (the 1Password database spec is open for anyone to read and is very secure). That task is difficult even for the NSA, and they're not going to put their supercomputer clusters on our Average Joe databases.

    The best thing people can do is have an extremely secure password. Then it won't matter if you store it directly on the NSA's hard drives. Your database will still be prohibitively difficult to crack even for them.

    Personally I use a 24 character password that's upper, lowercase, numeric and special characters. If it's that long, is a combination of several words, isn't in a dictionary and doesn't use a simple substitution scheme (i.e. no Disney = D15n3y type passwords), then it'll never be brute-forced in our lifetimes by a non-supercomputer adversary, if computers stay on the slow processing power rise that they've been on for so long now.

    Basically: Have a super secure password. Store the database itself wherever you want. There are no backdoors in 1Password and the mathematics behind the database format guarantee that your data is excellently encrypted.

    I'd feel safe storing all of my 1Password stuff directly on NSA's hard drives, because they are not targeting me and I have an incredible password.

    Know your foe and act accordingly. I have no foes. ;)

This discussion has been closed.